Has anyone looked into adding -D_FORTIFY_SOURCE=3 to some applications that directly interact with data from the Internet, such as t eh , web browser or parts of the Tor implementation?
More info: "GCC's new fortification level: The gains and costs" https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-level It appears to make buffer overflows much harder to exploit, but the code needs to not access memory after freeing (good idea anyway) & there's *some* performance impact. It's unclear how much the performance impact is; probably the only way to know is to try it. --- David A. Wheeler _______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://www.autistici.org/mailman/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.