The secure compiler configuration means that you can enable the compile-time defenses against memory corruption issues to execute unexpected exploit code. These mitigations may include RELRO, address space layout randomization (ASLR), NoExecute (NX), stack canaries, and position-independent executables (PIE). These secure compiler configurations should be done during the development stage.
The following table shows some of the available mitigation:
Mitigation |
Visual Studio compiler options |
Stack randomization |
/DyNAMICBASE |
Buffer overrun defenses |
/GS |
NoExecute (NX) |
/NXCOMPAT |
Exception handler protection |
/SAFESEH |
The following table shows the common build flags for GCC and G++ ...