Bug#1132615: libc++1: Please enable LIBCXX_HARDENING_MODE=extensive or fast
Andres Salomon
dilinger at queued.net
Fri Apr 3 22:00:13 BST 2026
Package: libc++1
Version: 1:22.1.2-1
Severity: wishlist
libc++ supports a hardening mode which is enabled at build time; it's
the LIBCXX_HARDENING_MODE configuration in libcxx/CMakeLists.txt, and
currently defaults to "none". Users of llvm's libc++ can define it for
their own builds, and Chromium now requires its usage
(_LIBCPP_HARDENING_MODE_EXTENSIVE) for security reasons. It would be
nice if libc++ itself had one of the hardening modes enabled, too. I'm
not sure whether "fast" or "extensive" is more appropriate.
More details about llvm's hardening here:
https://libcxx.llvm.org/Hardening.html
And here's where Chromium started requiring it due to a security hole
that allowed escaping their v8 sandbox:
https://issues.chromium.org/issues/485696265
More information about the Pkg-llvm-team
mailing list