> On May 3, 2019, at 11:12 AM, Baesken, Matthias <matthias.baes...@sap.com> wrote:
>
> Hello.
> Maybe some of you are aware of the gcc FORTIFY_SOURCE application security flags.
> Developers can enable compile and also runtime checks for some string / memory related operations with the flag.
>
> See details:
> https://access.redhat.com/blogs/766093/posts/1976213
>
> Have you tried already those flags in the OpenJDK?

I happen to like _FORTIFY_SOURCE, as I’ve seen it catch some real problems that would have been much harder to find otherwise. However, we’ve tried it in the past and ran into some problems. There is an existing RFE to reinstate its use, which also mentions or references those previous attempts and the problems encountered. See JDK-8130017 “use _FORTIFY_SOURCE in gcc fastdebug builds”.

I didn’t know about the hs_err problem. It might be considered less of a problem if only enabling in fastdebug builds (as suggested by JDK-8130017), as such builds are developer-oriented and the loss of an hs_err file is (while annoying) perhaps less critical.