
Re: Introducing security hardening features for Lenny



On Tue, Jan 29, 2008 at 09:48:43PM +0000, William Pitcock wrote:
> On Tue, 2008-01-29 at 22:37 +0100, Pierre Habouzit wrote:
> > On Tue, Jan 29, 2008 at 09:16:24PM +0000, Moritz Muehlenhoff wrote:
> > > Fortify Source
> > > ==============
> > > 
> > > This feature adds validation for internal C functions such as strcpy
> > > for buffer sizes known during compile time. While vulnerabilities in
> > > the functions it protects have become uncommon in high-profile apps,
> > > it will be useful for fringe packages we have in the archive.
> > > 
> > > This feature is present in glibc since version 2.5, and is enabled
> > > through the use of "-D_FORTIFY_SOURCE=2" and "-O2" or higher.
> > > 
> > 
> >   Well, -D_FORTIFY_SOURCE=2 is a severe performance loss in many
> > applications, and I wouldn't recommend activating it by default. =1 does
> > not have the drawback in that regard though, but is less useful security
> > wise (though it catches many programmatic issues, and a full archive rebuild
> > with -D_FORTIFY_SOURCE=1 would be worthwhile independently of this).
> > 
> 
> Out of curiosity, what applications in particular does
> -D_FORTIFY_SOURCE=2 cause issues in? It may be worthwhile to profile
> this feature and correct its behaviour if the performance loss is that
> big of a deal.

  Basically any application that uses memcpy/memmove and some other
common <string.h> functions heavily.

-- 
·O·  Pierre Habouzit
··O                                                madcoder@debian.org
OOO                                                http://www.madism.org
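
The check the quoted proposal describes ("validation ... for buffer sizes known during compile time") can be sketched by hand with the compiler's `__builtin_object_size`; this is an added example, not code from the thread or from glibc, and `checked_strcpy`, `checked_strcpy_impl` and the demo functions are hypothetical names. It returns -1 where glibc's checked variants abort the program.

```c
/* Added illustration: a hand-written analogue of a fortified strcpy.
 * All names here are hypothetical; none of this is glibc API. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SIZE_UNKNOWN ((size_t)-1)   /* what the builtin yields when it cannot tell */

/* Returns 0 on success, -1 if the copy would overflow a destination whose
 * size the compiler knew. */
static int checked_strcpy_impl(char *dst, const char *src, size_t dst_size)
{
    size_t need = strlen(src) + 1;              /* bytes including the NUL */
    if (dst_size != SIZE_UNKNOWN && need > dst_size)
        return -1;                              /* overflow caught at run time */
    memcpy(dst, src, need);
    return 0;
}

/* The compiler substitutes the destination size wherever it can see it. */
#define checked_strcpy(dst, src) \
    checked_strcpy_impl((dst), (src), __builtin_object_size((dst), 1))

int copy_fits(void)
{
    char buf[8];
    return checked_strcpy(buf, "short");        /* 6 bytes into 8 */
}

int copy_overflows(void)
{
    char buf[8];
    return checked_strcpy(buf, "far too long for buf");  /* 21 bytes into 8 */
}

/* Through an opaque pointer parameter the size is not visible, so no check
 * can be made: the "known during compile time" limit of the feature. */
__attribute__((noinline)) size_t size_via_pointer(char *p)
{
    return __builtin_object_size(p, 1);
}

int main(void)
{
    char buf[8];
    printf("fits=%d overflow=%d size-known-via-pointer=%s\n",
           copy_fits(), copy_overflows(),
           size_via_pointer(buf) == SIZE_UNKNOWN ? "no" : "yes");
    return 0;
}
```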
