From: "Zack Weinberg" <zack@owlfolio.org>
To: "Sergey Bugaev" <bugaevc@gmail.com>,
"Maxim Kuvyrkov" <maxim.kuvyrkov@linaro.org>
Cc: "Carlos O'Donell" <carlos@redhat.com>,
"Adhemerval Zanella" <adhemerval.zanella@linaro.org>,
"GNU libc development" <libc-alpha@sourceware.org>
Subject: Re: [PATCH v3 0/5] fcntl fortification
Date: Tue, 20 Jun 2023 09:46:43 -0400 [thread overview]
Message-ID: <45d3657d-53b8-4fad-a633-6b657c12e0d1@app.fastmail.com> (raw)
In-Reply-To: <CAN9u=HdLDFFRd-Z9iZg+1VKaUTSqm8YhJVOEHWSdUh0eg16vtA@mail.gmail.com>
On Tue, Jun 20, 2023, at 8:53 AM, Sergey Bugaev via Libc-alpha wrote:
> I'm not using Ubuntu.
> Do they just set _FORTIFY_SOURCE by default -- i.e. not only when
> building OS packages, but for all compilations? That's... unusual :|
To me it looks like they only set it when building packages:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy
$ which gcc
/usr/bin/gcc
$ echo '#include <string.h>' | gcc -E -dD -xc - | grep FORTIFY
#undef __USE_FORTIFY_LEVEL
#define __USE_FORTIFY_LEVEL 0
#define __bos(ptr) __builtin_object_size (ptr, __USE_FORTIFY_LEVEL > 1)
$ dpkg-buildflags | grep FORTIFY
CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2
> It's also concerning that check-installed-headers doesn't check this
> configuration (_FORTIFY_SOURCE with non-GNU C standard), and we're
> only finding out about this by accident. There's a comment in
> check-installed-headers.sh that says:
>
> # An exhaustive test of feature selection macros would take far too long.
> # These are probably the most commonly used three.
>
> That makes sense when running the testsuite locally since you want it
> to finish in minutes, not days, but wouldn't checking all combinations
> (or at least _a lot_ more of them) make more sense for CI?
When I wrote check-installed-headers, IIRC, the only CI we had was
Joseph's build-many-glibcs bot, which was already struggling to keep
up just with the load from its own built in list of configurations.
It may well make sense to change this now, and I agree that permutations
involving _FORTIFY_SOURCE should be a priority since fortification makes
so many changes to important headers.
zw
next prev parent reply other threads:[~2023-06-20 13:47 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-17 22:22 Sergey Bugaev
2023-06-17 22:22 ` [PATCH v3 1/5] support: Add support_fcntl_support_ofd_locks () Sergey Bugaev
2023-06-17 22:22 ` [PATCH v3 2/5] cdefs.h: Define __glibc_warn_system_headers_{begin,end} Sergey Bugaev
2023-06-17 22:22 ` [PATCH v3 3/5] cdefs.h: Enable __errordecl & __warnattr for Clang 14+ Sergey Bugaev
2023-06-17 22:22 ` [PATCH v3 4/5] io: Add FORTIFY_SOURCE check for fcntl arguments Sergey Bugaev
2023-06-17 22:22 ` [PATCH v3 5/5] io: Also verify 2-arg fctnl calls at runtime Sergey Bugaev
2023-06-19 12:58 ` [PATCH v3 0/5] fcntl fortification Carlos O'Donell
2023-06-19 14:23 ` Sergey Bugaev
2023-06-19 18:36 ` Adhemerval Zanella Netto
2023-06-20 5:59 ` Maxim Kuvyrkov
2023-06-20 7:33 ` Sergey Bugaev
2023-06-20 9:41 ` Maxim Kuvyrkov
2023-06-20 11:28 ` Sergey Bugaev
2023-06-20 12:38 ` Maxim Kuvyrkov
2023-06-20 12:53 ` Sergey Bugaev
2023-06-20 13:40 ` Adhemerval Zanella Netto
2023-06-20 13:47 ` Zack Weinberg
2023-06-20 13:46 ` Zack Weinberg [this message]
2023-06-20 12:50 ` Adhemerval Zanella Netto
2023-06-20 14:21 ` Frederic Berat
2023-07-21 13:59 ` Adhemerval Zanella Netto
2023-07-21 15:50 ` Sergey Bugaev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=45d3657d-53b8-4fad-a633-6b657c12e0d1@app.fastmail.com \
--to=zack@owlfolio.org \
--cc=adhemerval.zanella@linaro.org \
--cc=bugaevc@gmail.com \
--cc=carlos@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=maxim.kuvyrkov@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).