google-toolbox-for-mac fobjc-arc & fstack-protector-all

187 views
Skip to first unread message

Giulio Cabug-os

unread,
Aug 14, 2018, 11:12:46 PM8/14/18
to google-toolbox-for-mac
Hello,

We have an app that uses firebase and firebase uses GoogleToolboxForMac and the security team flag us that we should have fobjc-arc & fstack-protector-all.
Is it necessary? Why is it that GoogleToolboxForMac release is not compile with both options.

Thanks, 

Thomas Van Lenten

unread,
Aug 20, 2018, 11:30:49 AM8/20/18
to google-toolbox-for-mac
-fobjc-arc I can't say I've heard of as a security tool.  It changes the memory model used by the code (manual reference counting vs. ARC), almost all of GTM was written before ARC existed and in some cases, code manual reference counting can be useful as it provides better performance compared to the retain/releases ARC will insert.

If you are using Firebase, I believe that means you get the compiler settings via Cocoapods, I'm not sure if there is a good way to have it wedge in -fstack-protector-all or it has an option to always do it.  That might take a little research to see how to make it work through the method you are integrating code from here.

TVL

Reply all
Reply to author
Forward
0 new messages