[Bug libc/20422] do not allow asan/msan/tsan and fortify at the same time.

[Bug libc/20422] do not allow asan/msan/tsan and fortify at the same time.

[sam at gentoo dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=20422

Sam James <sam at gentoo dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sam at gentoo dot org

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/20422] do not allow asan/msan/tsan and fortify at the same time.

[sam at gentoo dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=20422

--- Comment #8 from Sam James <sam at gentoo dot org> ---
(In reply to Florian Weimer from comment #5)
> These days, _FORTIFY_SOURCE covers additional aspects (including enhanced
> compile-time type safety), not just buffer-length checking.  I'm not sure
> what the current expectations regarding the sanitizers are.  Is it the norm
> to compile twice, for production (with -D_FORTIFY_SOURCE=2), and for special
> testing with the required sanitizer?
> 
> I'm asking this because if there is just a single compile (say with Address
> Sanitizer), then I think we need to make the enhanced type safety (and other
> goodies) available to sanitizer users as well.

While I'd like those goodies to be available, ASAN shouldn't be used in
production, hence the double building is expected.

The main reason is that the ASAN runtime provides a privilege escalation
primitive because it reads env vars to decide which log files to write to.

(GWP-ASAN is a different implementation with different properties that is only
similar to ASAN in name, it can be used in production.)

-- 
You are receiving this mail because:
You are on the CC list for the bug.