C-Based Toolchain Hardening

C-Based Toolchain Hardening is a technical guide to creating executables with defensive postures which integrate with platform security offered in its environment. This article will examine C, C++ and Objective C for Microsoft and GCC toolchains. Effectively configuring the toolchain means a project will enjoy a number of benefits, including enhanced warnings and static analysis, self-debugging code, and hardened production code.

There are three areas to be examined when hardening the toolchain: configuration and preprocessor, compiler, and linker. Nearly all areas are overlooked or neglected when setting up a project. The neglect appears to be pandemic, and it applies to nearly all projects including Auto-configured projects, Makefile-based, Eclipse-based, Visual Studio-based, or Xcode-based.

The article will also detail steps that quality assurance personnel can perform to ensure third party code meets organizational standards. If an organization has not fully developed its acceptance and testing criteria, then this article will also provide minimum standards.