From: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
To: Sergey Bugaev <bugaevc@gmail.com>,
Maxim Kuvyrkov <maxim.kuvyrkov@linaro.org>
Cc: Carlos O'Donell <carlos@redhat.com>,
Libc-alpha <libc-alpha@sourceware.org>
Subject: Re: [PATCH v3 0/5] fcntl fortification
Date: Tue, 20 Jun 2023 10:40:10 -0300 [thread overview]
Message-ID: <53aba94c-c2bb-1810-51b9-5c0775881388@linaro.org> (raw)
In-Reply-To: <CAN9u=HdLDFFRd-Z9iZg+1VKaUTSqm8YhJVOEHWSdUh0eg16vtA@mail.gmail.com>
On 20/06/23 09:53, Sergey Bugaev wrote:
> On Tue, Jun 20, 2023 at 3:38 PM Maxim Kuvyrkov
> <maxim.kuvyrkov@linaro.org> wrote:
>> We don't set _FORTIFY_SOURCE in our CI's glibc build, but, I think, it comes from Ubuntu's GCC, where it may be enabled by default. Or are you using Ubuntu and not seeing this with default Ubuntu toolchain?
>
> I'm not using Ubuntu.
>
> Do they just set _FORTIFY_SOURCE by default -- i.e. not only when
> building OS packages, but for all compilations? That's... unusual :|
It does for any optimized build:
$ gcc -v 2>&1 | grep 'gcc version'
gcc version 11.3.0 (Ubuntu 11.3.0-1ubuntu1~22.04.1)
$ gcc -dM -E - < /dev/null | grep -w _FORTIFY_SOURCE
$ gcc -O2 -dM -E - < /dev/null | grep -w _FORTIFY_SOURCE
#define _FORTIFY_SOURCE 2
And I think this is a common configuration for recent distros.
>
> It's also concerning that check-installed-headers doesn't check this
> configuration (_FORTIFY_SOURCE with non-GNU C standard), and we're
> only finding out about this by accident. There's a comment in
> check-installed-headers.sh that says:
>
> # An exhaustive test of feature selection macros would take far too long.
> # These are probably the most commonly used three.
>
> That makes sense when running the testsuite locally since you want it
> to finish in minutes, not days, but wouldn't checking all combinations
> (or at least _a lot_ more of them) make more sense for CI?
>
I think it is worth to extend check-installed-headers.sh to include
fortify as well, specially because it is now being enabled as default
on multiple configurations.
next prev parent reply other threads:[~2023-06-20 13:40 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-17 22:22 Sergey Bugaev
2023-06-17 22:22 ` [PATCH v3 1/5] support: Add support_fcntl_support_ofd_locks () Sergey Bugaev
2023-06-17 22:22 ` [PATCH v3 2/5] cdefs.h: Define __glibc_warn_system_headers_{begin,end} Sergey Bugaev
2023-06-17 22:22 ` [PATCH v3 3/5] cdefs.h: Enable __errordecl & __warnattr for Clang 14+ Sergey Bugaev
2023-06-17 22:22 ` [PATCH v3 4/5] io: Add FORTIFY_SOURCE check for fcntl arguments Sergey Bugaev
2023-06-17 22:22 ` [PATCH v3 5/5] io: Also verify 2-arg fctnl calls at runtime Sergey Bugaev
2023-06-19 12:58 ` [PATCH v3 0/5] fcntl fortification Carlos O'Donell
2023-06-19 14:23 ` Sergey Bugaev
2023-06-19 18:36 ` Adhemerval Zanella Netto
2023-06-20 5:59 ` Maxim Kuvyrkov
2023-06-20 7:33 ` Sergey Bugaev
2023-06-20 9:41 ` Maxim Kuvyrkov
2023-06-20 11:28 ` Sergey Bugaev
2023-06-20 12:38 ` Maxim Kuvyrkov
2023-06-20 12:53 ` Sergey Bugaev
2023-06-20 13:40 ` Adhemerval Zanella Netto [this message]
2023-06-20 13:47 ` Zack Weinberg
2023-06-20 13:46 ` Zack Weinberg
2023-06-20 12:50 ` Adhemerval Zanella Netto
2023-06-20 14:21 ` Frederic Berat
2023-07-21 13:59 ` Adhemerval Zanella Netto
2023-07-21 15:50 ` Sergey Bugaev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53aba94c-c2bb-1810-51b9-5c0775881388@linaro.org \
--to=adhemerval.zanella@linaro.org \
--cc=bugaevc@gmail.com \
--cc=carlos@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=maxim.kuvyrkov@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).