From the info page of GCC 4.3.3:

NOTE: In Gentoo, `-D_FORTIFY_SOURCE=2' is set by default, and is activated when `-O' is set to 2 or higher. This enables additional compile-time and run-time checks for several libc functions. To disable, specify either `-U_FORTIFY_SOURCE' or `-D_FORTIFY_SOURCE=0'.
I have seen some FORTIFY_SOURCE bugs in the bugzilla and in some cases, people claim the bug lies in the FORTIFY_SOURCE feature itself (that is, people claim that FORTIFY_SOURCE misidentifies a buffer overflow). One example: http://bugs.gentoo.org/show_bug.cgi?id=257016

I have installed GCC-4.3.3 (but have not enabled it through gcc-config yet), but my system is otherwise mostly stable.

1) I would like to use GCC-4.3.3 because it is the latest bugfix release and is presumably more bug-free (correct?).

2) But until FORTIFY_SOURCE is stable on Gentoo, I don't want it. How can I disable it? If I add -U_FORTIFY_SOURCE to CPPFLAGS (this would be the correct place to add it, right?), wouldn't it disable the feature for every package, even for those that specify FORTIFY_SOURCE on their own? I want the traditional behavior: packages that ask for FORTIFY_SOURCE get it, those that don't ask don't get it.

And of course, do you know if FORTIFY_SOURCE has a significant performance cost and if it is really ready to be default (as in, it is unlikely for new false positives to appear)?

Also, am I wise to use the GCC 4.3.3 compiler in a mostly stable system?

--
Software is like sex: it is better when it is free.
--Linus Torvalds