From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) by sourceware.org (Postfix) with ESMTPS id D0BA83858D1E for ; Tue, 20 Jun 2023 13:47:06 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D0BA83858D1E Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=owlfolio.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=owlfolio.org Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 09D4E5C027F; Tue, 20 Jun 2023 09:47:04 -0400 (EDT) Received: from imap45 ([10.202.2.95]) by compute1.internal (MEProxy); Tue, 20 Jun 2023 09:47:04 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=owlfolio.org; h= cc:cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm1; t=1687268824; x=1687355224; bh=sB 0HhqYtO1JGCJZzOn0HCcNOS55PuLdwuuZlClZr24E=; b=fGlvWcUrHLcuLdY/ME /2QRHvQSj+QmAn+Wcwv5Rzoy+s8i337/7uOAiycUCIaWsSBuOliC6RkMd5DmJWtF qEEnvv+lXjKCeIW1SXxY8oyidb7thif596L1QJbDieCZy2x2yHK0orSDtn1eIUsI q2QF3ekIXh5xFjcaZK672w0w95C7u72DHiC5ns8iWJ1RmeQlRXypfxizvyICHjhX ETbcDjaomz9aOGx9Jaypgimm9kIBljqwfg4lfEKdr1kw1E5D6ly1W0Xqq/OE134Q WXm7+rQEdApe4gILyXBV8V4liPoMAxKe4wsSc0x7FNZoRoK6USsSM3YAAQtz9epe I7Vw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; t=1687268824; x=1687355224; bh=sB0HhqYtO1JGC JZzOn0HCcNOS55PuLdwuuZlClZr24E=; b=UBgnahTWeRyV6/jbkoPTsplSKrHrK i5WTtvQwxlBKwiAo6f0qED0btaWzmNHaWSJWb6n/nwDKM455/Lw5/yAeDqUmMQuc wksRVdSf7KD23yZl/MKcyEi8RatN+NIhsnXT1hw51QKM4whe00+L5rjVrK6m23yQ TojADuUo85CIHJCzcFyJM9Ise62V1MSuCL2OcPyd0CxMIpVz8HhtNNc0cDmGhQIv ZF71/I/liCiAIBhPLHiUv3QI3t+aqP4dPlvOTyB4zpB/vNyPCdKcRkyjkXc050bJ J5vzgNhRpGTW7jKbgDybQMci48gt3tFI/NNScPF9IIpBVo7J15TQE0Mew== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrgeefhedggeejucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvfevufgtsehttdertderredtnecuhfhrohhmpedfkggr tghkucghvghinhgsvghrghdfuceoiigrtghksehofihlfhholhhiohdrohhrgheqnecugg ftrfgrthhtvghrnhephfelfeehudfhleegheegjeevheeuieehvdfgueeuteetleeiieet heefhfeludeinecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrh homhepiigrtghksehofihlfhholhhiohdrohhrgh X-ME-Proxy: Feedback-ID: i876146a2:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id 96FC4272007A; Tue, 20 Jun 2023 09:47:03 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.9.0-alpha0-499-gf27bbf33e2-fm-20230619.001-gf27bbf33 Mime-Version: 1.0 Message-Id: <45d3657d-53b8-4fad-a633-6b657c12e0d1@app.fastmail.com> In-Reply-To: References: <20230617222218.642125-1-bugaevc@gmail.com> <1249c048-c72d-0bf1-f0e0-2e619cfe5372@redhat.com> <783b1d24-f2b4-3a3c-d636-2b231be3b823@linaro.org> <2B723D88-546D-4AA6-8BDA-7B6CC9F5D404@linaro.org> <4F21801F-83DB-44EE-A463-9C6FC42F81B4@linaro.org> <99B8C69B-D3F3-4ED3-9F3B-19BC586BF6B6@linaro.org> Date: Tue, 20 Jun 2023 09:46:43 -0400 From: "Zack Weinberg" To: "Sergey Bugaev" , "Maxim Kuvyrkov" Cc: "Carlos O'Donell" , "Adhemerval Zanella" , "GNU libc development" Subject: Re: [PATCH v3 0/5] fcntl fortification Content-Type: text/plain X-Spam-Status: No, score=-3.2 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,JMQ_SPF_NEUTRAL,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Tue, Jun 20, 2023, at 8:53 AM, Sergey Bugaev via Libc-alpha wrote: > I'm not using Ubuntu. > Do they just set _FORTIFY_SOURCE by default -- i.e. not only when > building OS packages, but for all compilations? That's... unusual :| To me it looks like they only set it when building packages: $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 22.04.1 LTS Release: 22.04 Codename: jammy $ which gcc /usr/bin/gcc $ echo '#include ' | gcc -E -dD -xc - | grep FORTIFY #undef __USE_FORTIFY_LEVEL #define __USE_FORTIFY_LEVEL 0 #define __bos(ptr) __builtin_object_size (ptr, __USE_FORTIFY_LEVEL > 1) $ dpkg-buildflags | grep FORTIFY CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2 > It's also concerning that check-installed-headers doesn't check this > configuration (_FORTIFY_SOURCE with non-GNU C standard), and we're > only finding out about this by accident. There's a comment in > check-installed-headers.sh that says: > > # An exhaustive test of feature selection macros would take far too long. > # These are probably the most commonly used three. > > That makes sense when running the testsuite locally since you want it > to finish in minutes, not days, but wouldn't checking all combinations > (or at least _a lot_ more of them) make more sense for CI? When I wrote check-installed-headers, IIRC, the only CI we had was Joseph's build-many-glibcs bot, which was already struggling to keep up just with the load from its own built in list of configurations. It may well make sense to change this now, and I agree that permutations involving _FORTIFY_SOURCE should be a priority since fortification makes so many changes to important headers. zw