From: Andreas Schwab <schwab@suse.de>
To: Siddhesh Poyarekar <siddhesh@gotplt.org>
Cc: "Frédéric Bérat" <fberat@redhat.com>,
libc-alpha@sourceware.org,
"Adhemerval Zanella" <adhemerval.zanella@linaro.org>
Subject: Re: [PATCH v3 16/16] Add --enable-fortify-source option
Date: Mon, 03 Jul 2023 10:50:01 +0200 [thread overview]
Message-ID: <mvmilb1tm4m.fsf@suse.de> (raw)
In-Reply-To: <d9d54d43-5e01-29bf-e304-f4eebbe3ee8e@gotplt.org> (Siddhesh Poyarekar's message of "Fri, 30 Jun 2023 09:51:45 -0400")
On Jun 30 2023, Siddhesh Poyarekar wrote:
> On 2023-06-28 04:42, Frédéric Bérat wrote:
>> It is now possible to enable fortification through a configure option.
>> The level may be given as parameter, if none is provided, the configure
>> script will determine what is the highest level possible that can be set
>> considering GCC built-ins availability and set it.
>> If level is explicitly set to 3, configure checks if the compiler
>> supports the built-in function necessary for it or raise an error if it
>> isn't.
>> The result of the configure checks is a new variables, ${fortify_source}
>> that can be used to appropriately populate CFLAGS.
>> Updated NEWS and INSTALL.
>> Adding dedicated x86_64 variant that enables the configuration.
>
> Adhemerval, do you still think we should drop this and only look at
> CFLAGS? I am still not a 100% convinced that we should only look at
> CFLAGS (it gives much less control which makes me uneasy) but I see your
> point. We'll be setting CFLAGS in Fedora anyway (which I guess will be
> true for Ubuntu, Gentoo, Debian, etc. too) and the pre-commit CI will
> likely have _FORTIFY_SOURCE disabled so we may have adequate coverage.
I prefer a configure option, mirroring --enable-stack-protector. Since
glibc has very strict requirements wrt compiler flags it needs to handle
it specially anyway, and making it explicit is cleaner.
--
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."
next prev parent reply other threads:[~2023-07-03 8:50 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-28 8:42 [PATCH v3 00/16] Allow glibc to be built with _FORTIFY_SOURCE Frédéric Bérat
2023-06-28 8:42 ` [PATCH v3 01/16] " Frédéric Bérat
2023-06-28 14:48 ` Joseph Myers
2023-06-28 8:42 ` [PATCH v3 02/16] Exclude routines from fortification Frédéric Bérat
2023-06-30 14:55 ` Siddhesh Poyarekar
2023-07-03 15:16 ` Frederic Berat
2023-07-04 16:04 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 03/16] sysdeps: Ensure ieee128*_chk routines to be properly named Frédéric Bérat
2023-06-30 14:58 ` Siddhesh Poyarekar
2023-06-30 15:55 ` Paul E Murphy
2023-06-30 15:57 ` Frederic Berat
2023-06-28 8:42 ` [PATCH v3 04/16] string: Ensure *_chk routines have their hidden builtin definition available Frédéric Bérat
2023-06-30 15:06 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 05/16] stdio: " Frédéric Bérat
2023-06-30 15:09 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 06/16] asprintf_chk: Ensure compatibility for both s390x and ppc64le Frédéric Bérat
2023-06-30 15:11 ` Siddhesh Poyarekar
2023-06-30 16:08 ` Rajalakshmi Srinivasaraghavan
2023-06-30 17:51 ` Paul E Murphy
2023-07-03 5:35 ` Frederic Berat
2023-06-28 8:42 ` [PATCH v3 07/16] misc/sys/cdefs.h: Create FORTIFY redirects for internal calls Frédéric Bérat
2023-06-30 15:13 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 08/16] wchar: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
2023-06-30 15:17 ` Siddhesh Poyarekar
2023-06-30 15:26 ` Frederic Berat
2023-06-28 8:42 ` [PATCH v3 09/16] posix/bits/unistd.h: Clearly separate declaration from definitions Frédéric Bérat
2023-06-30 15:19 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 10/16] unistd: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
2023-06-30 15:25 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 11/16] misc/bits/select2.h: Clearly separate declaration from definitions Frédéric Bérat
2023-06-30 15:26 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 12/16] misc/bits/syslog.h: Clearly separate declaration from definition Frédéric Bérat
2023-06-30 15:28 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 13/16] libio/bits/stdio2.h: Clearly separate declaration from definitions Frédéric Bérat
2023-06-30 15:29 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 14/16] libio/bits/stdio2-decl.h: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
2023-06-30 15:30 ` Siddhesh Poyarekar
2023-06-30 15:38 ` Frederic Berat
2023-06-30 15:48 ` Siddhesh Poyarekar
2023-06-30 17:08 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 15/16] sysdeps/ieee754/ldbl-128ibm-compat: Fix warn unused result Frédéric Bérat
2023-06-30 15:33 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 16/16] Add --enable-fortify-source option Frédéric Bérat
2023-06-30 13:51 ` Siddhesh Poyarekar
2023-07-03 8:50 ` Andreas Schwab [this message]
2023-07-03 12:51 ` Adhemerval Zanella Netto
2023-07-04 12:40 ` Frederic Berat
2023-07-04 15:59 ` Siddhesh Poyarekar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=mvmilb1tm4m.fsf@suse.de \
--to=schwab@suse.de \
--cc=adhemerval.zanella@linaro.org \
--cc=fberat@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=siddhesh@gotplt.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).