| 1 |
On Wed, 8 Apr 2009 21:39:26 -0300 |
| 2 |
Jorge Morais <please.no.spam.here@×××××.com> wrote: |
| 3 |
|
| 4 |
> From the info page of GCC 4.3.3 |
| 5 |
> NOTE: In Gentoo, `-D_FORTIFY_SOURCE=2' is set by default, and is |
| 6 |
> activated when `-O' is set to 2 or higher. This enables |
| 7 |
> additional compile-time and run-time checks for several libc |
| 8 |
> functions. To disable, specify either `-U_FORTIFY_SOURCE' or |
| 9 |
> `-D_FORTIFY_SOURCE=0'. |
| 10 |
> |
| 11 |
> I have seen some FORTIFY_SOURCE bugs in the bugzilla and in some |
| 12 |
> cases, people claim the the bug lies in the FORTIFY_SOURCE feature |
| 13 |
> itself (that is, people claim that FORTIFY_SOURCE misidentifies a |
| 14 |
> buffer overflow). One example: |
| 15 |
> http://bugs.gentoo.org/show_bug.cgi?id=257016 |
| 16 |
|
| 17 |
Very rare, but it happens. |
| 18 |
|
| 19 |
> I have installed GCC-4.3.3 (but have not enabled it through |
| 20 |
> gcc-config yet), but my system is otherwise mostly stable. |
| 21 |
> |
| 22 |
> 1) I would like to use GCC-4.3.3 because it is the latest bugfix |
| 23 |
> release and is presumably more bug-free (correct?). |
| 24 |
|
| 25 |
So far, yes. Especially users of -march=amdfam10 flag want this |
| 26 |
version. |
| 27 |
|
| 28 |
> 2) But until FORTIFY_SOURCE is stable on Gentoo, I don't want it. |
| 29 |
> How can I disable it? |
| 30 |
|
| 31 |
CXXFLAGS="-U_FORTIFY_SOURCE" |
| 32 |
|
| 33 |
That's where most ebuilds will pick it up. |
| 34 |
|
| 35 |
> If I add -U_FORTIFY_SOURCE to CPPFLAGS (this would be the correct |
| 36 |
> place to add it, right?), wouldn't it disable the feature for every |
| 37 |
> package, even for those that specify FORTIFY_SOURCE on their own? |
| 38 |
|
| 39 |
Yes, but in general, packages have not been specifying _FORTIFY_SOURCE. |
| 40 |
It's a new feature in recent glibcs that was only made usable in |
| 41 |
glibc-2.8. |
| 42 |
|
| 43 |
> I want the traditional behavior: packages that ask for FORTIFY_SOURCE |
| 44 |
> get it, those that don't ask don't get it. |
| 45 |
|
| 46 |
Packages don't ask for FORTIFY_SOURCE. They get it, good and hard. |
| 47 |
FORTIFY_SOURCE is a one-time pain for longterm gain. |
| 48 |
|
| 49 |
> And of course, do you know if FORTIFY_SOURECE has a significant |
| 50 |
> performance cost and if it is really ready to be default (as in, |
| 51 |
> it is unlikely for new false positives to appear)? |
| 52 |
|
| 53 |
It has virtually no performance cost. |
| 54 |
|
| 55 |
> Also, am I wise to use GCC 4.3.3 compiler in a mostly stable system? |
| 56 |
|
| 57 |
At the moment, we are only processing bugs about _FORTIFY_SOURCE when |
| 58 |
they can be confirmed on ~arch. As long as you're prepared to use |
| 59 |
package.keywords liberally, it should be mostly ok. |
| 60 |
|
| 61 |
/loki_val |
Archives