On Tue, Dec 06, 2022 at 01:35:04AM +0100, Jaroslav Prokop wrote:
> On 12/5/22 20:58, Ben Cotton wrote:
> > The core change to bring in this mitigation is to change the default
> > build flags in `redhat-rpm-config` so that packages build by default
> > with `-Wp,-D_FORTIFY_SOURCE=3`. There are packages (e.g. `systemd`)
> > that do not interact well with `_FORTIFY_SOURCE` and will also need a
> > workaround to downgrade fortification to level 2. The change will also
> > include this override.
>
> How come systemd gets an exception? If it is a security option, it should be
> enabled everywhere.

I don't believe the proposal is that everyone *has* to use this (or at
least, I hope not). Even existing _FORTIFY_SOURCE=2 is optional. I'd
like to know what the problems are that affect systemd however.

> I do not see benefit in a security change that ignores PID 1 process,

I agree we should try to cover it.

> If the feature, on the GCC side, is not 100% done.
> How do I tell a difference of a bug with the _FORTIFY_SOURCE which I will
> ignore and a bug with my package?

By looking at the message printed out when the program crashes, I
guess? And if that's not enough information, then asking here.

> I do not have the knowledge or the time to be able to say that GCC
> generated the wrong machine code and therefore it is not a bug with
> my package. If my program was not complaining before the change and
> is now complaining with the change, I am opting out of the change,
> and filing a bug against GCC on Fedora.

GCC & Fedora developers have been very responsive on these kinds of
issues in the past. No one wants a compiler with code gen problems.

Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
Read my programming and virtualization blog:
http://rwmj.wordpress.com
nbdkit - Flexible, fast NBD server with plugins
https://gitlab.com/nbdkit/nbdkit
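
The reply above suggests starting from the message printed when the program crashes. As an added example (not part of the original message or of any Fedora tooling), this Python script classifies crash output by glibc's abort banner and pulls the fortified call and the first package frame out of a gdb-style backtrace. The sample text, `demo.c` and `copy_header` are constructed; the banner strings and the `__*_chk` symbol names are glibc's.

```python
import re

# Abort banners printed by glibc's runtime checks.
FORTIFY_BANNER = "*** buffer overflow detected ***"   # _FORTIFY_SOURCE check
SSP_BANNER = "*** stack smashing detected ***"        # -fstack-protector check
# gdb-style frame: "#6  0x... in __memcpy_chk () from /lib64/libc.so.6"
FRAME = re.compile(r"^#\d+\s+(?:0x[0-9a-f]+\s+in\s+)?(\S+)\s*\(")
# glibc frames that sit between the failed check and the package's own code.
GLIBC_INTERNAL = {"__pthread_kill_implementation", "pthread_kill", "raise",
                  "abort", "__libc_message", "__fortify_fail", "__chk_fail",
                  "__stack_chk_fail"}


def triage(crash_text):
    """Classify crash output; name the fortified call and the frame that made it."""
    result = {"kind": "other", "checked_call": None, "caller": None}
    if FORTIFY_BANNER in crash_text:
        result["kind"] = "fortify"
    elif SSP_BANNER in crash_text:
        result["kind"] = "stack-protector"
    for line in crash_text.splitlines():
        match = FRAME.match(line.strip())
        if not match or match.group(1) in GLIBC_INTERNAL:
            continue
        name = match.group(1)
        if name.startswith("__") and name.endswith("_chk"):
            result["checked_call"] = name[2:-4]   # __memcpy_chk -> memcpy
            continue
        result["caller"] = name                   # first frame outside glibc
        break
    return result


# Constructed sample: abort banner plus a backtrace as gdb would print it.
SAMPLE = """\
*** buffer overflow detected ***: terminated
#0  __pthread_kill_implementation () from /lib64/libc.so.6
#1  0x00007f1c2a83e8ee in raise () from /lib64/libc.so.6
#2  0x00007f1c2a8268ff in abort () from /lib64/libc.so.6
#3  0x00007f1c2a827d30 in __libc_message () from /lib64/libc.so.6
#4  0x00007f1c2a91c2bb in __fortify_fail () from /lib64/libc.so.6
#5  0x00007f1c2a91bc36 in __chk_fail () from /lib64/libc.so.6
#6  0x00007f1c2a91b3a2 in __memcpy_chk () from /lib64/libc.so.6
#7  0x0000000000401186 in copy_header (src=0x4052a0, n=32) at demo.c:12
#8  0x00000000004011d9 in main () at demo.c:20
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `fortify` result names the call and caller to audit first. Rebuilding the package at level 2, the workaround the proposal mentions, then shows whether the abort appears only at level 3.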