[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing

On Fri, 20 Sep 2013, Kees Cook wrote:
> This is absolutely a bug in glibc. While the spec can say "undefined", it
> is, in fact, not undefined. It worked in a very specific way for over a
> decade, so that's pretty well defined. ;) The fortify function has no need
> to change it.

FWIW +1

> > To mitigate this issue, besides reporting upstream, for now I had to disable
> > this fortification with

> > DEB_BUILD_HARDENING_FORTIFY := 0
> > preceding inclusion of /usr/share/hardening-includes/hardening.make

> Instead, if eglibc continues to remain unfixed, you can replace the
> "buggy" sprintf calls with the suggestions listed in my original mass
> bug-filing email above.

Thanks Kees!  upstream resolved it already... I will eventually add
unittests for this and rebuild freshier upstream.

-- 
Yaroslav O. Halchenko, Ph.D.
http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org
Senior Research Associate,     Psychological and Brain Sciences Dept.
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834                       Fax: +1 (603) 646-1419
WWW:   http://www.linkedin.com/in/yarik
Reply to: