Re: Seeking hardening flag / blhc expoert
So apparently the 'D_FORTIFY_SOURCE=2' is in CPPFLAGS (not read by
cmake) but not in CXXFLAGS (read by cmake)[1].
So maybe I should define?
CXXFLAGS=$(CXXFLAGS) $(CPPFLAGS)
This is the current state of mysqld, should I be happy with this or is
it relevant that all functions are protected?
hardening-check --verbose --color mysqld
mysqld:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
unprotected: strcpy
unprotected: strcat
unprotected: recv
unprotected: snprintf
unprotected: getcwd
unprotected: readlink
unprotected: memset
unprotected: poll
unprotected: fread
unprotected: fgets
unprotected: strncpy
unprotected: sprintf
unprotected: stpcpy
unprotected: strncat
unprotected: memcpy
unprotected: read
unprotected: confstr
unprotected: pread64
unprotected: memmove
unprotected: gethostname
protected: strcpy
protected: snprintf
protected: vfprintf
protected: memset
protected: poll
protected: vasprintf
protected: fread
protected: strncpy
protected: sprintf
protected: vsprintf
protected: memcpy
protected: fdelt
protected: realpath
protected: pread64
protected: vsnprintf
protected: fprintf
protected: memmove
protected: printf
Read-only relocations: yes
Immediate binding: yes
[1] https://cmake.org/Bug/view.php?id=12928
Reply to: