From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oo1-xc2b.google.com (mail-oo1-xc2b.google.com [IPv6:2607:f8b0:4864:20::c2b]) by sourceware.org (Postfix) with ESMTPS id 57FAB3858024 for ; Tue, 20 Jun 2023 13:40:15 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 57FAB3858024 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org Received: by mail-oo1-xc2b.google.com with SMTP id 006d021491bc7-558a79941c6so3145157eaf.3 for ; Tue, 20 Jun 2023 06:40:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1687268414; x=1689860414; h=content-transfer-encoding:in-reply-to:organization:from:references :cc:to:content-language:subject:user-agent:mime-version:date :message-id:from:to:cc:subject:date:message-id:reply-to; bh=ggoazAF8Fa/+Wp9OPqORh5Qg2IwmlFDTG4/hipCftO8=; b=RtIkrJBANmoO89eG7D/RSO91xNszu8/tlRyMnEhOync1Qk43TuCtn/Xz9CSI2Mja1A fdql9NEUjHp2IKJiZ4AVc7v8S5OVE9V6Au+034tg5leUtzaLuWNmVi2pRQrGifptnMlr CRUEIphEuHIySMXNaSxzWhDQWqiWWs5hpH/bASi1THRmm6SJNdKYII+9gzow4PRSkwi+ ndixk49Yh3UidYJcDOHGhlZOPtDHP+ZXUh8qk9ChwAmEI5w9UNkV2GQ0CLSZbgPHdnqq pZuLFMllFjMsM3eqp30hA0YH74Gm7l/OzpqWK2NBPn69hqGjkm4ZA7FaQnXidWaLoQG5 EseQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687268414; x=1689860414; h=content-transfer-encoding:in-reply-to:organization:from:references :cc:to:content-language:subject:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ggoazAF8Fa/+Wp9OPqORh5Qg2IwmlFDTG4/hipCftO8=; b=ZJMR7Gggpx4ZrLOjrvJV8su7ob/VIydNetK68iHCfZiMEEk/BqoCQevYk5yE3eM9a5 0yYg1MS1dG0KL3JE0qlI9P6obvvPyxcFMiVJX00xA689eezyMXbRq/J+KpwUNTVwNOd/ OOHjOuhEq3zD76aYFYbW7KHYW5gftMaFS28sRiyfyS1Nj2VS3piutNogyRKprjEbf6vI 9vdvZSjYu3vyNAuoixMZZosnPuSk+EdE6ccu8fYkzT+AEvHJPNpp+zGe74b4OhRYP0Db TMSOAx3K08EMfZ8XFKcxW6X7B35uctBLoNNW+9kwq8KmkdnrMsUVIytOiQtghm1SJ2D3 5pNg== X-Gm-Message-State: AC+VfDwd58mifNHZhb02nQR4B05zD97HlF7bACeNV0p+acWMs+vPAJws RSexB0PrZMYTHS+FdHLIv0uz5Q== X-Google-Smtp-Source: ACHHUZ7wcGNsD1nOmBqZz1x3jp0e/nqojjSKn/q78oM0A/TJMZ/c87+tm+h76FuKEO0RwW6m9TFi9A== X-Received: by 2002:a05:6808:1407:b0:39e:dde3:485 with SMTP id w7-20020a056808140700b0039edde30485mr6680778oiv.41.1687268414241; Tue, 20 Jun 2023 06:40:14 -0700 (PDT) Received: from ?IPV6:2804:1b3:a7c2:a14c:5cc9:ceb9:f9ce:f71c? ([2804:1b3:a7c2:a14c:5cc9:ceb9:f9ce:f71c]) by smtp.gmail.com with ESMTPSA id o13-20020a0568080f8d00b003a034e62741sm1092896oiw.2.2023.06.20.06.40.12 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 20 Jun 2023 06:40:13 -0700 (PDT) Message-ID: <53aba94c-c2bb-1810-51b9-5c0775881388@linaro.org> Date: Tue, 20 Jun 2023 10:40:10 -0300 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.12.0 Subject: Re: [PATCH v3 0/5] fcntl fortification Content-Language: en-US To: Sergey Bugaev , Maxim Kuvyrkov Cc: Carlos O'Donell , Libc-alpha References: <20230617222218.642125-1-bugaevc@gmail.com> <1249c048-c72d-0bf1-f0e0-2e619cfe5372@redhat.com> <783b1d24-f2b4-3a3c-d636-2b231be3b823@linaro.org> <2B723D88-546D-4AA6-8BDA-7B6CC9F5D404@linaro.org> <4F21801F-83DB-44EE-A463-9C6FC42F81B4@linaro.org> <99B8C69B-D3F3-4ED3-9F3B-19BC586BF6B6@linaro.org> From: Adhemerval Zanella Netto Organization: Linaro In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-6.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 20/06/23 09:53, Sergey Bugaev wrote: > On Tue, Jun 20, 2023 at 3:38 PM Maxim Kuvyrkov > wrote: >> We don't set _FORTIFY_SOURCE in our CI's glibc build, but, I think, it comes from Ubuntu's GCC, where it may be enabled by default. Or are you using Ubuntu and not seeing this with default Ubuntu toolchain? > > I'm not using Ubuntu. > > Do they just set _FORTIFY_SOURCE by default -- i.e. not only when > building OS packages, but for all compilations? That's... unusual :| It does for any optimized build: $ gcc -v 2>&1 | grep 'gcc version' gcc version 11.3.0 (Ubuntu 11.3.0-1ubuntu1~22.04.1) $ gcc -dM -E - < /dev/null | grep -w _FORTIFY_SOURCE $ gcc -O2 -dM -E - < /dev/null | grep -w _FORTIFY_SOURCE #define _FORTIFY_SOURCE 2 And I think this is a common configuration for recent distros. > > It's also concerning that check-installed-headers doesn't check this > configuration (_FORTIFY_SOURCE with non-GNU C standard), and we're > only finding out about this by accident. There's a comment in > check-installed-headers.sh that says: > > # An exhaustive test of feature selection macros would take far too long. > # These are probably the most commonly used three. > > That makes sense when running the testsuite locally since you want it > to finish in minutes, not days, but wouldn't checking all combinations > (or at least _a lot_ more of them) make more sense for CI? > I think it is worth to extend check-installed-headers.sh to include fortify as well, specially because it is now being enabled as default on multiple configurations.