Re: [gentoo-user] Should we disable FORTIFY_SOURCE for packages where it is not default?
On Wed, 8 Apr 2009 21:39:26 -0300 Jorge Morais please.no.spam.h...@gmail.com wrote:

> From the info page of GCC 4.3.3
>
> NOTE: In Gentoo, `-D_FORTIFY_SOURCE=2' is set by default, and is activated when `-O' is set to 2 or higher. This enables additional compile-time and run-time checks for several libc functions. To disable, specify either `-U_FORTIFY_SOURCE' or `-D_FORTIFY_SOURCE=0'.
>
> I have seen some FORTIFY_SOURCE bugs in the bugzilla and in some cases, people claim the bug lies in the FORTIFY_SOURCE feature itself (that is, people claim that FORTIFY_SOURCE misidentifies a buffer overflow). One example: http://bugs.gentoo.org/show_bug.cgi?id=257016

Very rare, but it happens.

> I have installed GCC-4.3.3 (but have not enabled it through gcc-config yet), but my system is otherwise mostly stable.
>
> 1) I would like to use GCC-4.3.3 because it is the latest bugfix release and is presumably more bug-free (correct?).

So far, yes. Especially users of -march=amdfam10 flag want this version.

> 2) But until FORTIFY_SOURCE is stable on Gentoo, I don't want it. How can I disable it?

CXXFLAGS=-U_FORTIFY_SOURCE

That's where most ebuilds will pick it up.

> If I add -U_FORTIFY_SOURCE to CPPFLAGS (this would be the correct place to add it, right?), wouldn't it disable the feature for every package, even for those that specify FORTIFY_SOURCE on their own?

Yes, but in general, packages have not been specifying _FORTIFY_SOURCE. It's a new feature in recent glibcs that was only made usable in glibc-2.8.

> I want the traditional behavior: packages that ask for FORTIFY_SOURCE get it, those that don't ask don't get it.

Packages don't ask for FORTIFY_SOURCE. They get it, good and hard. FORTIFY_SOURCE is a one-time pain for long-term gain.

> And of course, do you know if FORTIFY_SOURCE has a significant performance cost and if it is really ready to be default (as in, it is unlikely for new false positives to appear)?

It has virtually no performance cost.

> Also, am I wise to use GCC 4.3.3 compiler in a mostly stable system?

At the moment, we are only processing bugs about _FORTIFY_SOURCE when they can be confirmed on ~arch. As long as you're prepared to use package.keywords liberally, it should be mostly ok.

/loki_val
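An added example, not part of the thread: a small shell function that works out from a flag string (for instance a CFLAGS line taken from a build log) whether the checks discussed above end up active. It assumes the defaults stated in the quoted GCC 4.3.3 note and that an explicit -D_FORTIFY_SOURCE=N only needs some optimisation above -O0; `fortify_state` and the sample flag lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: the compiler behaves as the
# quoted GCC 4.3.3 note says (built-in -D_FORTIFY_SOURCE=2, active from -O2),
# and an explicit -D_FORTIFY_SOURCE=N needs any optimisation level above 0,
# which is the condition glibc's headers test.
fortify_state() {
    level=2; explicit=no; opt=0
    for flag in $1; do                  # GCC applies -D/-U/-O left to right
        case $flag in
            -U_FORTIFY_SOURCE)   level=0; explicit=yes ;;
            -D_FORTIFY_SOURCE)   level=1; explicit=yes ;;  # bare -DNAME means NAME=1
            -D_FORTIFY_SOURCE=*) level=${flag#-D_FORTIFY_SOURCE=}; explicit=yes ;;
            -O)                  opt=1 ;;
            -O[0-9])             opt=${flag#-O} ;;
            -O?*)                opt=other ;;              # -Os and similar
        esac
    done
    case $level in
        0)     echo "off: disabled by flag"; return ;;
        [1-9]) ;;
        *)     echo "unknown: odd value '$level'"; return ;;
    esac
    if [ "$opt" = other ]; then
        echo "unknown: level $level, non-numeric -O flag"; return
    fi
    need=2; [ "$explicit" = yes ] && need=1
    if [ "$opt" -ge "$need" ]; then
        echo "on: level $level"
    else
        echo "off: level $level needs -O$need or higher"
    fi
}

# Constructed sample flag lines, one per build.
while IFS= read -r line; do
    printf '%-45s -> %s\n' "$line" "$(fortify_state "$line")"
done <<'EOF'
-O2 -pipe
-O2 -pipe -U_FORTIFY_SOURCE
-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
-O1 -pipe
-Os -pipe
EOF
```

Because the last -D or -U on the command line wins, the result for a package that sets the macro itself depends on whether its own flags come before or after the ones from make.conf.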
Re: [gentoo-user] Should we disable FORTIFY_SOURCE for packages where it is not default?
On Fri, 10 Apr 2009 14:55:36 +0200 Peter Alfredsen loki_...@gentoo.org wrote:

> CXXFLAGS=-U_FORTIFY_SOURCE
>
> That's where most ebuilds will pick it up.

+CFLAGS of course. D'oh.

/loki_val
Re: [gentoo-user] Should we disable FORTIFY_SOURCE for packages where it is not default?
On Fri, 10 Apr 2009 14:55:36 +0200 Peter Alfredsen loki_...@gentoo.org wrote:

> > I have seen some FORTIFY_SOURCE bugs in the bugzilla and in some cases, people claim the bug lies in the FORTIFY_SOURCE feature itself (that is, people claim that FORTIFY_SOURCE misidentifies a buffer overflow). One example: http://bugs.gentoo.org/show_bug.cgi?id=257016
>
> Very rare, but it happens.
>
> > I have installed GCC-4.3.3 (but have not enabled it through gcc-config yet), but my system is otherwise mostly stable.
> >
> > 1) I would like to use GCC-4.3.3 because it is the latest bugfix release and is presumably more bug-free (correct?).
>
> So far, yes. Especially users of -march=amdfam10 flag want this version.

Thank you. And do you know of any other new behavior from GCC-4.3.2 to GCC-4.3.3 aside from FORTIFY_SOURCE and warning options such as -Wformat?

> > 2) But until FORTIFY_SOURCE is stable on Gentoo, I don't want it. How can I disable it?
>
> CXXFLAGS=-U_FORTIFY_SOURCE
>
> That's where most ebuilds will pick it up.

Sorry to take your time, but CXXFLAGS? Isn't that for extra flags for the C++ compiler? Isn't the appropriate place CPPFLAGS (extra flags for the C preprocessor)? I even remember a Gentoo bug report in which someone criticized a user for putting a macro definition in CFLAGS, and said that certain ebuilds could fail because of it.

> > Also, am I wise to use GCC 4.3.3 compiler in a mostly stable system?
>
> At the moment, we are only processing bugs about _FORTIFY_SOURCE when they can be confirmed on ~arch. As long as you're prepared to use package.keywords liberally, it should be mostly ok.

A suggestion: with this kind of tracker (like bug 259417), don't you think it would be useful to have separate trackers for build-time bugs and run-time bugs? This way, users who want to test the new feature (GCC-4.3.3 and _FORTIFY_SOURCE in this case) can easily see if there are run-time bugs affecting them. Build-time bugs are much less worrisome for me.

Well, this is a suggestion that seems convenient for users, but you obviously know far more about Gentoo bug-squashing than me. Thank you for your time.

--
Software is like sex: it is better when it is free. --Linus Torvalds
[gentoo-user] Should we disable FORTIFY_SOURCE for packages where it is not default?
From the info page of GCC 4.3.3

NOTE: In Gentoo, `-D_FORTIFY_SOURCE=2' is set by default, and is activated when `-O' is set to 2 or higher. This enables additional compile-time and run-time checks for several libc functions. To disable, specify either `-U_FORTIFY_SOURCE' or `-D_FORTIFY_SOURCE=0'.

I have seen some FORTIFY_SOURCE bugs in the bugzilla and in some cases, people claim the bug lies in the FORTIFY_SOURCE feature itself (that is, people claim that FORTIFY_SOURCE misidentifies a buffer overflow). One example: http://bugs.gentoo.org/show_bug.cgi?id=257016

I have installed GCC-4.3.3 (but have not enabled it through gcc-config yet), but my system is otherwise mostly stable.

1) I would like to use GCC-4.3.3 because it is the latest bugfix release and is presumably more bug-free (correct?).

2) But until FORTIFY_SOURCE is stable on Gentoo, I don't want it. How can I disable it?

If I add -U_FORTIFY_SOURCE to CPPFLAGS (this would be the correct place to add it, right?), wouldn't it disable the feature for every package, even for those that specify FORTIFY_SOURCE on their own? I want the traditional behavior: packages that ask for FORTIFY_SOURCE get it, those that don't ask don't get it.

And of course, do you know if FORTIFY_SOURCE has a significant performance cost and if it is really ready to be default (as in, it is unlikely for new false positives to appear)?

Also, am I wise to use GCC 4.3.3 compiler in a mostly stable system?

--
Software is like sex: it is better when it is free. --Linus Torvalds