1 |
On Wed, 8 Apr 2009 21:39:26 -0300 |
2 |
Jorge Morais <please.no.spam.here@×××××.com> wrote: |
3 |
|
4 |
> From the info page of GCC 4.3.3 |
5 |
> NOTE: In Gentoo, `-D_FORTIFY_SOURCE=2' is set by default, and is |
6 |
> activated when `-O' is set to 2 or higher. This enables |
7 |
> additional compile-time and run-time checks for several libc |
8 |
> functions. To disable, specify either `-U_FORTIFY_SOURCE' or |
9 |
> `-D_FORTIFY_SOURCE=0'. |
10 |
> |
11 |
> I have seen some FORTIFY_SOURCE bugs in the bugzilla and in some |
12 |
> cases, people claim the the bug lies in the FORTIFY_SOURCE feature |
13 |
> itself (that is, people claim that FORTIFY_SOURCE misidentifies a |
14 |
> buffer overflow). One example: |
15 |
> http://bugs.gentoo.org/show_bug.cgi?id=257016 |
16 |
|
17 |
Very rare, but it happens. |
18 |
|
19 |
> I have installed GCC-4.3.3 (but have not enabled it through |
20 |
> gcc-config yet), but my system is otherwise mostly stable. |
21 |
> |
22 |
> 1) I would like to use GCC-4.3.3 because it is the latest bugfix |
23 |
> release and is presumably more bug-free (correct?). |
24 |
|
25 |
So far, yes. Especially users of -march=amdfam10 flag want this |
26 |
version. |
27 |
|
28 |
> 2) But until FORTIFY_SOURCE is stable on Gentoo, I don't want it. |
29 |
> How can I disable it? |
30 |
|
31 |
CXXFLAGS="-U_FORTIFY_SOURCE" |
32 |
|
33 |
That's where most ebuilds will pick it up. |
34 |
|
35 |
> If I add -U_FORTIFY_SOURCE to CPPFLAGS (this would be the correct |
36 |
> place to add it, right?), wouldn't it disable the feature for every |
37 |
> package, even for those that specify FORTIFY_SOURCE on their own? |
38 |
|
39 |
Yes, but in general, packages have not been specifying _FORTIFY_SOURCE. |
40 |
It's a new feature in recent glibcs that was only made usable in |
41 |
glibc-2.8. |
42 |
|
43 |
> I want the traditional behavior: packages that ask for FORTIFY_SOURCE |
44 |
> get it, those that don't ask don't get it. |
45 |
|
46 |
Packages don't ask for FORTIFY_SOURCE. They get it, good and hard. |
47 |
FORTIFY_SOURCE is a one-time pain for longterm gain. |
48 |
|
49 |
> And of course, do you know if FORTIFY_SOURECE has a significant |
50 |
> performance cost and if it is really ready to be default (as in, |
51 |
> it is unlikely for new false positives to appear)? |
52 |
|
53 |
It has virtually no performance cost. |
54 |
|
55 |
> Also, am I wise to use GCC 4.3.3 compiler in a mostly stable system? |
56 |
|
57 |
At the moment, we are only processing bugs about _FORTIFY_SOURCE when |
58 |
they can be confirmed on ~arch. As long as you're prepared to use |
59 |
package.keywords liberally, it should be mostly ok. |
60 |
|
61 |
/loki_val |