Bearing in mind the strict adherence to DO-178B, is there any value in these compiler security options?
Does my 64-bit build otherwise improve performance over the official Linux binary?
$ for x in sqlite3 sqlite3.i386; do ll $x; hardening-check $x; done
-rwxr-xr-x. 1 root root 1954360 Jul 13 13:47 sqlite3
sqlite3:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: yes
-rwxr-xr-x. 1 root root 1169124 Jul 6 13:53 sqlite3.i386
sqlite3.i386:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: no, only unprotected functions found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
$ file sqlite3 sqlite3.i386
sqlite3: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=90c166105dd34b2bd78eb3eb36622c01f855df8b, not stripped
sqlite3.i386: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 4.3.0, stripped
$ cat sqlite-autoconf-3360000.configure
CFLAGS='-O3 -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fpic -pie' \
LDFLAGS='-Wl,-z,relro,-z,now -Wl,-z,now' ./configure
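
The five properties reported above can also be read straight from the ELF image. The Python below is an added example, not part of the original post and not how hardening-check itself is implemented. The names `check_hardening` and `sample_elf64` are hypothetical, the sample bytes are constructed, and the stack-protector and fortify checks are a symbol-name heuristic.

```python
import re
import struct

ET_DYN, PT_DYNAMIC, PT_GNU_RELRO = 3, 2, 0x6474E552
DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 24, 30, 0x6FFFFFFB
NOW_BITS = {DT_FLAGS: 0x8, DT_FLAGS_1: 0x1}  # DF_BIND_NOW, DF_1_NOW
# EI_CLASS -> (word format, e_phoff at, e_phentsize at, p_offset at, p_filesz at, Dyn entry)
LAYOUT = {1: ("<I", 28, 42, 4, 16, "<iI"), 2: ("<Q", 32, 54, 8, 32, "<qQ")}

def check_hardening(data: bytes) -> dict:
    """Approximate the five hardening-check results for a little-endian ELF image."""
    if data[:4] != b"\x7fELF" or data[5] != 1:
        raise ValueError("not a little-endian ELF image")
    word, phoff_at, phent_at, poff_at, psz_at, dyn_fmt = LAYOUT[data[4]]
    e_type, = struct.unpack_from("<H", data, 16)
    phoff, = struct.unpack_from(word, data, phoff_at)
    phentsize, phnum = struct.unpack_from("<HH", data, phent_at)
    relro = bind_now = False
    for i in range(phnum):
        base = phoff + i * phentsize
        p_type, = struct.unpack_from("<I", data, base)
        if p_type == PT_GNU_RELRO:          # emitted for -Wl,-z,relro
            relro = True
        elif p_type == PT_DYNAMIC:          # -Wl,-z,now leaves a flag in .dynamic
            off, = struct.unpack_from(word, data, base + poff_at)
            size, = struct.unpack_from(word, data, base + psz_at)
            blob = data[off:off + size]
            usable = len(blob) - len(blob) % struct.calcsize(dyn_fmt)
            for tag, val in struct.iter_unpack(dyn_fmt, blob[:usable]):
                if tag == DT_BIND_NOW or val & NOW_BITS.get(tag, 0):
                    bind_now = True
    return {
        # ET_DYN is why file(1) calls the PIE build a "shared object"
        "pie": e_type == ET_DYN,
        # Heuristic: imported symbol names survive stripping in .dynstr
        "stack_protector": b"__stack_chk_fail\0" in data,
        "fortify": re.search(rb"__(?!stack_chk)\w+_chk\0", data) is not None,
        "relro": relro,
        "bind_now": bind_now,
    }

def sample_elf64() -> bytes:
    """Constructed image shaped like the hardened build's headers (not a runnable program)."""
    dyn = struct.pack("<qQqQ", DT_FLAGS, 0x8, 0, 0)   # DT_FLAGS=BIND_NOW, then DT_NULL
    ehdr = struct.pack("<4sBBB9xHHIQQQIHHHHHH", b"\x7fELF", 2, 1, 1, ET_DYN, 62, 1,
                       0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    relro = struct.pack("<IIQQQQQQ", PT_GNU_RELRO, 4, 0, 0, 0, 0, 0, 1)
    dynamic = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 176, 0, 0, len(dyn), len(dyn), 8)
    return ehdr + relro + dynamic + dyn + b"\0__stack_chk_fail\0__memcpy_chk\0"
```

To inspect a real binary, pass the file's bytes, for example `check_hardening(open("sqlite3", "rb").read())`.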