On Thu, Apr 04, 2013 at 09:26:34AM -0400, Steve Grubb wrote:
> Last week I was looking at nspr and wondering why fortify_source was not
> getting used and found that it wrapped functions for "portability". For
> example, it has PL_strcpy which only wraps strcpy. The problem is the size
> information is lost by the wrapping so that the fortify macros have nothing to
> work with. I know this is a common technique, I've seen it a lot. But this
> idiom defeats a security mechanism.

Wrapping memory and string ops (except perhaps for wrapping in inline functions)
is a terrible idea, not just because of -D_FORTIFY_SOURCE, but for many other
reasons too: the compiler then can't optimize the calls if they are called with
constant arguments (lengths, const string literals, etc.), can't choose the best
generated code, can't argue about those from an aliasing, points-to etc. POV,
can't attempt to optimize say
  PL_strcat (str1, "abcde"); PL_strcat (str1, str2);
etc.

So, whenever somebody comes across such a mess in packages we ship in Fedora,
please try to undo that mess by adding #defines or inline wrappers.

	Jakub
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
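As an added illustration (not part of Jakub's mail and not nspr code), the C below shows the mechanism both posts describe: `__builtin_object_size`, which the fortified glibc headers hand to `__strcpy_chk` as the destination length, knows the buffer size at the call site but not behind an out-of-line wrapper. The names `wrapped_strcpy`, `fixed_strcpy` and the probe functions are mine, and `noinline` stands in for a wrapper that lives in another shared library.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Out-of-line wrapper in the style of nspr's PL_strcpy. noinline models a
 * wrapper defined in another library: the caller's buffer size can never reach
 * the strcpy inside it, so the fortified headers have nothing to check. */
__attribute__((noinline))
char *wrapped_strcpy(char *dst, const char *src)
{
    return strcpy(dst, src);
}

/* The fix asked for in the mail: a #define keeps the real strcpy at the call
 * site, where the (fortified) headers still see the destination object. */
#define fixed_strcpy(dst, src) strcpy((dst), (src))

/* Mirrors what the glibc headers compute for a fixed_strcpy call site.
 * Type 1 is the mode _FORTIFY_SOURCE=2 uses. */
#define dst_size_at_call_site(dst) __builtin_object_size((dst), 1)

/* The same query issued inside an out-of-line wrapper: the argument is just a
 * pointer parameter, so the answer is always (size_t)-1, i.e. "unknown". */
__attribute__((noinline))
size_t dst_size_inside_wrapper(char *dst)
{
    return __builtin_object_size(dst, 1);
}

size_t dst_size_via_define(void)
{
    char buf[16];
    return dst_size_at_call_site(buf);  /* 16: size survives the #define */
}

size_t dst_size_via_function(void)
{
    char buf[16];
    return dst_size_inside_wrapper(buf); /* (size_t)-1: size lost in the call */
}

/* Both wrappers copy identically; only the checkability differs. */
int wrappers_copy_identically(void)
{
    char a[16], b[16];
    wrapped_strcpy(a, "fortify");
    fixed_strcpy(b, "fortify");
    return strcmp(a, b) == 0 && strlen(a) == 7;
}

int main(void)
{
    printf("#define sees %zu bytes, function wrapper sees %zu\n",
           dst_size_via_define(), dst_size_via_function());
    return wrappers_copy_identically() ? 0 : 1;
}
```

Built with `-O2 -D_FORTIFY_SOURCE=2`, a copy of an over-long literal through `fixed_strcpy` is caught by `__strcpy_chk` (often already at compile time), while the same copy through `wrapped_strcpy` passes unchecked.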