Re: Bug#552688: Please decide how Debian should enable hardening build flags
dave b wrote:
> On 21 November 2010 02:45, Jonathan Nieder <jrnieder@gmail.com> wrote:
>> Also, I am not the GCC maintainer, but from experience of receiving
>> reports from people building software with Ubuntu, I think changing
>> the defaults in GCC is quite wrong.
>
> Why do you think this?
Well, I should scale that back a little and say, an easy way for
individual users to turn on hardening build flags in GCC is very
welcome.
My comment is really about the default. The main problem I had in
mind is that with -D_FORTIFY_SOURCE=2, if you are not specifically
coding with that in mind, there are spurious warnings like this:
some-file.c:70: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result
Sometimes that may be a welcome warning, but often enough one knows
very well that errors are being ignored. And
(void) whatever_function(...
does not suppress this; you instead have to uglify your code like so:
int unused = whatever_function(...
The consequences are worst when a person or project makes the
misguided choice of using -Werror on code he is not developing.
Then with a GCC update, the code starts to fail to build from source,
for confusing reasons like the above, without much of an upside to
the non-developer to offset that.
That said, the burden of handling fallout like this seems perfectly
acceptable for a project like Debian to take on. It is not such a
cost for secure code. That is why I would be happy to see hardening
flags added for the build of Debian packages, though not for the
default invocation of gcc.
Hoping that is clearer.
Jonathan
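As an added example that is not part of Jonathan's message: the alternative to suppressing the warn_unused_result warning on write() is to handle the return value, which is what the attribute is asking for (write() may write fewer bytes than requested or fail with EINTR). The function names write_all() and roundtrip_demo() are chosen here for illustration.

```c
/* Added example (not from the original message): handle write()'s return
 * value instead of silencing the warn_unused_result warning that
 * -D_FORTIFY_SOURCE=2 attaches to it. Partial writes and EINTR are retried. */
#include <errno.h>
#include <string.h>
#include <unistd.h>

/* Write all of buf to fd. Returns 0 on success, -1 on error (errno set). */
int write_all(int fd, const void *buf, size_t len)
{
    const char *p = buf;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;           /* interrupted before writing: retry */
            return -1;              /* real error: report it to the caller */
        }
        p += n;                     /* short write: advance and keep going */
        len -= (size_t)n;
    }
    return 0;
}

/* Round-trip msg through a pipe using write_all(); returns the number of
 * bytes read back, or -1 on failure. Uses only a pipe, so it runs offline. */
ssize_t roundtrip_demo(const char *msg, char *out, size_t outlen)
{
    int fds[2];
    if (pipe(fds) < 0)
        return -1;
    int rc = write_all(fds[1], msg, strlen(msg));
    close(fds[1]);                  /* close writer so read() sees EOF */
    ssize_t total = 0, n = 0;
    if (rc == 0) {
        while (total < (ssize_t)outlen &&
               (n = read(fds[0], out + total, outlen - (size_t)total)) > 0)
            total += n;
        if (n < 0)
            total = -1;
    } else {
        total = -1;
    }
    close(fds[0]);
    return total;
}
```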