
Re: Bug#552688: Please decide how Debian should enable hardening build flags



dave b wrote:
> On 21 November 2010 02:45, Jonathan Nieder <jrnieder@gmail.com> wrote:

>> Also, I am not the GCC maintainer, but from experience of receiving
>> reports from people building software with Ubuntu, I think changing
>> the defaults in GCC is quite wrong.
>
> Why do you think this?

Well, I should scale that back a little and say, an easy way for
individual users to turn on hardening build flags in GCC is very
welcome.

My comment is really about the default.  The main problem I had in
mind is that with -D_FORTIFY_SOURCE=2, if you are not specifically
coding with that in mind, there are spurious warnings like this:

	some-file.c:70: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result

Sometimes that may be a welcome warning, but often enough one knows
very well that errors are being ignored.  And

	(void) whatever_function(...

does not suppress this; you instead have to uglify your code like so:

	int unused = whatever_function(...

The consequences are worst when a person or project makes the
misguided choice of using -Werror on code he is not developing.
Then with a GCC update, the code starts to fail to build from source,
for confusing reasons like the above, without much of an upside to
the non-developer to offset that.

That said, the burden of handling fallout like this seems perfectly
acceptable for a project like Debian to take on.  It is not such a
cost for secure code.  That is why I would be happy to see hardening
flags added for the build of Debian packages, though not for the
default invocation of gcc.

Hoping that is clearer.
Jonathan
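As an added illustration (not part of the mail above), the pattern below reproduces the warn_unused_result behaviour the message describes with a local function carrying the same attribute glibc puts on write() under -D_FORTIFY_SOURCE=2, and shows the alternative to silencing it: a write_all() helper that actually handles short writes and EINTR. It assumes GCC and glibc on Linux; the pipe round-trip and its message are constructed for the demo.

```c
/* Build: gcc -O2 -Wall -D_FORTIFY_SOURCE=2 fortify_wur.c */
#include <errno.h>
#include <string.h>
#include <unistd.h>

/* Same attribute glibc attaches to write() under _FORTIFY_SOURCE:
   discarding the result of a call triggers the warning from the mail. */
__attribute__((warn_unused_result))
static int must_check(int x) { return x * 2; }

/* Writes the whole buffer, retrying on EINTR and on short writes.
   Returns 0 on success, -1 on error with errno set. Consuming the
   return value this way needs no warning-suppression trick at all. */
int write_all(int fd, const void *buf, size_t len) {
    const char *p = buf;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Constructed demo: round-trips a message through a pipe.
   Returns 1 when the bytes read back match what was written. */
int demo_roundtrip(void) {
    int fds[2];
    char in[] = "hello hardening";
    char out[sizeof in];
    if (pipe(fds) < 0) return 0;
    /* must_check(1);         <- warns: ignoring return value of 'must_check' */
    /* (void) must_check(1);  <- the cast does not silence it, as the mail notes */
    int unused = must_check(1);   /* the workaround the mail describes */
    (void) unused;
    if (write_all(fds[1], in, sizeof in) != 0) return 0;
    close(fds[1]);
    ssize_t n = read(fds[0], out, sizeof out);
    close(fds[0]);
    return n == (ssize_t)sizeof in && memcmp(in, out, sizeof in) == 0;
}
```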