Public bug reported:

Hello, please consider this *untested* debdiff that I hope would enable -fzero-init-padding-bits=all and -Wbidi-chars=any in the Ubuntu-specific GCC specs.

The first option, -fzero-init-padding-bits=all, is asking the compiler to zero out bits in unions and structs. GCC 15 moved to a more standards-compliant implementation https://gcc.gnu.org/gcc-15/changes.html -- we could bring back the GCC 14 behavior with -fzero-init-padding-bits=unions, but the option of zeroing even the unused padding bits is available to us now; I believe we should use it.

https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fzero-init-padding-bits_003dvalue

The second option, -Wbidi-chars=any, brings no runtime security benefits. Instead, it will log instances of potentially malicious use of Unicode bidirectional characters that can mask malicious code from human inspection. I hope some day we could scrape the logs to discover abuse.

https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++#enable-warnings-for-possibly-misleading-unicode-bidirectional-control-characters
https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wbidi-chars_003d

I tried to introduce -fhardened ( https://bugs.launchpad.net/ubuntu/+source/gcc-14/+bug/2080267 , https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++#enable-pre-determined-set-of-hardening-options-in-gcc ) but ran into significant problems. We should have a conversation about it. I was really hoping -fhardened could address https://bugs.launchpad.net/ubuntu/+source/gcc-14/+bug/2078989 -- and I think it would -- but the -Whardened warning messages ( https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++#additional-considerations-6 ) are obnoxious enough that we can't possibly ship the implementation that I came up with.
** Affects: gcc-15 (Ubuntu)
     Importance: Undecided
         Status: New

** Patch added: "gcc-15_15-20250404-0ubuntu1.1.debdiff"
   https://bugs.launchpad.net/bugs/2108968/+attachment/5873948/+files/gcc-15_15-20250404-0ubuntu1.1.debdiff

https://bugs.launchpad.net/bugs/2108968

Title:
  Enable -fzero-init-padding-bits=all, -Wbidi-chars=any
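
The kind of source text that -Wbidi-chars=any is meant to surface can also be looked for outside the compiler, for instance when triaging a tree before a build. The C scanner below is an added example, not part of the bug report and not GCC's implementation; it assumes UTF-8 input, assumes the control set U+202A to U+202E and U+2066 to U+2069, and uses a constructed SAMPLE buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One finding: 1-based line and column (in code points) plus the code point. */
struct bidi_hit { size_t line, col; uint32_t cp; };

/* Constructed sample input: bidi controls hidden in a comment and after code. */
static const char SAMPLE[] =
    "int ok = 1; /* \xE2\x80\xAE note \xE2\x81\xA6 */\n"
    "return ok; \xE2\x80\xAA\n";

/* Assumed control set: U+202A..U+202E (embeddings/overrides) and
   U+2066..U+2069 (isolates). In UTF-8 these are E2 80 AA..AE, E2 81 A6..A9. */
static uint32_t bidi_control_at(const unsigned char *p, size_t left)
{
    if (left < 3 || p[0] != 0xE2) return 0;
    if (p[1] == 0x80 && p[2] >= 0xAA && p[2] <= 0xAE) return 0x2000u + (p[2] & 0x3F);
    if (p[1] == 0x81 && p[2] >= 0xA6 && p[2] <= 0xA9) return 0x2040u + (p[2] & 0x3F);
    return 0;
}

/* Scan a UTF-8 buffer, store up to max hits in out, return the total found. */
size_t scan_bidi(const char *src, size_t len, struct bidi_hit *out, size_t max)
{
    const unsigned char *p = (const unsigned char *)src;
    size_t found = 0, line = 1, col = 1;
    for (size_t i = 0; i < len; i++) {
        if (p[i] == '\n') { line++; col = 1; continue; }
        if ((p[i] & 0xC0) == 0x80) continue;   /* continuation byte: same column */
        uint32_t cp = bidi_control_at(p + i, len - i);
        if (cp) {
            if (found < max) out[found] = (struct bidi_hit){ line, col, cp };
            found++;
        }
        col++;
    }
    return found;
}

int main(void)
{
    struct bidi_hit hits[8];
    size_t n = scan_bidi(SAMPLE, sizeof SAMPLE - 1, hits, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        printf("%zu:%zu: bidi control U+%04X\n", hits[i].line, hits[i].col, (unsigned)hits[i].cp);
    return n ? 1 : 0;   /* non-zero exit when anything was flagged */
}
```
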
