On 1/18/23 19:31, Levente Polyak wrote:
A new RFC (request for comment) has been opened here:
https://gitlab.archlinux.org/archlinux/rfcs/-/merge_requests/17
Please visit the above link for discussion.
Summary:
Adjust packaging CFLAGS from -D_FORTIFY_SOURCE=2 to -D_FORTIFY_SOURCE=3
for better fortification coverage
Hi Levente - I'm not permissioned on arch-dev list or gitlab so replying
direct + arch-general - hope that's okay.
You are likely already aware, but sharing as saw no mention about this
in the rfc discussion.
There aare these comments from Fedora / Redhat regarding level 3 and
systemd not working with it which looks relevant [1] [2]
"There are packages (e.g. systemd) that do not interact well with
_FORTIFY_SOURCE and will also need a workaround to downgrade
fortification to level 2. "
and in detail:
"_FORTIFY_SOURCE=3 revealed another pattern. Applications such as
systemd used malloc_usable_size to determine available space in objects
and then used the residual space. The glibc manual discourages this type
of usage, dictating that malloc_usable_size is for diagnostic purposes
only. But applications use the function as a hack to avoid reallocating
buffers when there is space in the underlying malloc chunk. The
implementation of malloc_usable_size needs to be fixed to return the
allocated object size instead of the chunk size in non-diagnostic use.
Alternatively, another solution is to deprecate the function. But that
is a topic for discussion by the glibc community."
regards
gene
[1]
https://fedoraproject.org/wiki/Changes/Add_FORTIFY_SOURCE%3D3_to_distribution_build_flags
[2]
https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-level#
