On Tue, 2008-01-29 at 22:37 +0100, Pierre Habouzit wrote:
> On Tue, Jan 29, 2008 at 09:16:24PM +0000, Moritz Muehlenhoff wrote:
> > Fortify Source
> > ==============
> >
> > This feature adds validation for internal C functions such as strcpy
> > for buffer sizes known during compile time. While vulnerabilities in
> > the functions it protects have become uncommon in high-profile apps,
> > it will be useful for fringe packages we have in the archive.
> >
> > This feature is present in glibc since version 2.5, and is enabled
> > through the use of "-D_FORTIFY_SOURCE=2" and "-O2" or higher.
> >
>
> Well, -D_FORTIFY_SOURCE=2 is a severe performance loss in many
> applications, and I wouldn't recommend activating it by default. =1 does
> not have the drawback in that regard though, but is less useful
> security-wise (though it catches many programmatic issues, and a full
> archive rebuild with -D_FORTIFY_SOURCE=1 would be worthwhile
> independently of this).
>

Out of curiosity, what applications in particular does
-D_FORTIFY_SOURCE=2 cause issues in? It may be worthwhile to profile
this feature and correct its behaviour if the performance loss is that
big of a deal.

William
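
The =1 versus =2 distinction raised in this thread, as an added example that is not part of the original messages: for the str* wrappers glibc selects the `__builtin_object_size` mode from the fortify level, so level 1 measures to the end of the enclosing object and level 2 to the end of the field. The `account` struct, the `BOS_LEVEL*` macros and `copy_permitted` are hypothetical names; the code assumes GCC or Clang.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed record: an 8-byte field followed by a second member. */
struct account {
    char name[8];
    char role[8];
};

static struct account acct;

/* Mode 0 (level 1): bytes from the pointer to the end of the whole object.
 * Mode 1 (level 2): bytes to the end of the closest sub-object (the field). */
#define BOS_LEVEL1(p) __builtin_object_size((p), 0)
#define BOS_LEVEL2(p) __builtin_object_size((p), 1)

/* Hypothetical helper: the decision a fortified strcpy makes.
 * Returns 1 if the copy would proceed, 0 if it would be aborted. */
static int copy_permitted(size_t dst_size, const char *src)
{
    if (dst_size == (size_t)-1)      /* size unknown: nothing to check */
        return 1;
    return strlen(src) + 1 <= dst_size;
}

size_t name_size_level1(void) { return BOS_LEVEL1(acct.name); }
size_t name_size_level2(void) { return BOS_LEVEL2(acct.name); }

int level1_allows(const char *src)
{
    return copy_permitted(BOS_LEVEL1(acct.name), src);
}

int level2_allows(const char *src)
{
    return copy_permitted(BOS_LEVEL2(acct.name), src);
}

int main(void)
{
    const char *input = "administrator";   /* constructed: 13 chars + NUL */

    printf("level 1 sees %zu bytes, copy allowed: %d\n",
           name_size_level1(), level1_allows(input));
    printf("level 2 sees %zu bytes, copy allowed: %d\n",
           name_size_level2(), level2_allows(input));
    return 0;
}
```

The 14-byte input fits the 16 bytes level 1 measures, so a copy that spills from `name` into `role` goes unnoticed there, while level 2 stops it at the 8-byte field boundary.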