Has anyone looked into adding -D_FORTIFY_SOURCE=3 to some applications that
directly interact with data from the Internet, such as t eh , web browser or
parts of the Tor implementation?
More info: "GCC's new fortification level: The gains and costs"
https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-level
It appears to make buffer overflows much harder to exploit, but the code needs
to
not access memory after freeing (good idea anyway) & there's *some* performance
impact.
It's unclear how much the performance impact is; probably the only way to know
is to try it.
--- David A. Wheeler
___
Tails-dev mailing list
Tails-dev@boum.org
https://www.autistici.org/mailman/listinfo/tails-dev
To unsubscribe from this list, send an empty email to
tails-dev-unsubscr...@boum.org.