Hi Vit,

On 3/12/19 5:40 PM, Vít Ondruch wrote:
> Will it help to mitigate issues such as:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1284684
>

This is related to the following change which was made in Fedora 23:
https://fedoraproject.org/wiki/Changes/Harden_All_Packages.
My proposal does not touch PIE or RELRO at all, but is related to
compiling code with protections which mitigate format string attacks
and stack-based buffer overflows. It is pretty common to enable these
flags while compiling, it's just strange that we don't enable these by
default.

> and mitigate workarounds such as:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1543394
>
> That would be wonderful.
>
>
> Also, while OT to this specific change, I would love to have the ability to
> have some compiler flags tailored to my environment. E.g. enabled
> optimizations specific to my CPU. That could enable potential of JIT
> compilation in Ruby and possibly everywhere else where compiler is
> involved in installation of some extensions from 3rd party repositories.
>
>
> Vít
>
>
> On 11. 03. 19 at 18:56, Ben Cotton wrote:
>> https://fedoraproject.org/wiki/Changes/HardenedCompiler
>>
>> == Summary ==
>> By default, enable a few security hardening flags which are used with GCC.
>>
>> == Owner ==
>> * Name: [[User:huzaifas|Huzaifa Sidhpurwala]]
>> * Email: huzaifas@xxxxxxxxxx
>> * Release notes owner: huzaifas@xxxxxxxxxx
>>
>>
>> == Detailed Description ==
>> Currently GCC does not enable any security hardening flags by default.
>> They have to be explicitly enabled by the developers one-by-one.
>> Ubuntu (https://wiki.ubuntu.com/ToolChain/CompilerFlags) however
>> enables them and therefore has a hardened compiler by default. Each of
>> these options can be explicitly disabled if required by the developer
>> via a GCC command line flag. I am currently proposing the following
>> flags be enabled by default.
>>
>> '''-Wformat -Wformat-security -fstack-protector-strong
>> --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -O'''
>>
>> {| class="wikitable"
>> |-
>> ! No !! Flag !! Use !! How to disable
>> |-
>> | 1 || -Wformat || Check calls to "printf" and "scanf", etc., to make
>> sure that the arguments supplied have types appropriate to the format
>> string specified, and that the conversions specified in the format
>> string make sense. || -Wno-format
>> |-
>> | 2 || -Wformat-security || If -Wformat is specified, also warn about
>> uses of format functions that represent possible security problems.
>> || -Wno-format should disable this as well
>> |-
>> | 3 || -fstack-protector-strong || Like -fstack-protector but includes
>> additional functions to be protected --- those that have local array
>> definitions, or have references to local frame addresses.
>> || -fno-stack-protector
>> |}
>>
>>
>> == Benefit to Fedora ==
>> We provide better security both for our packages and for
>> applications/programs which users are building.
>>
>> == Scope ==
>> * Proposal owners: Patch gcc to enable these options by default. Patch
>> should be very simple, since the compile/link code isn't actually
>> touched.
>> * Other developers: Developers need to ensure that the Fedora package is
>> built and, if there are any build failures, that they are corrected
>> * Release engineering: [https://pagure.io/releng/issue/8204 #8204]
>> * Policies and guidelines: The policies and guidelines do not need to
>> be updated.
>> * Trademark approval: Not needed for this change
>>
>> == Upgrade/compatibility impact ==
>> None
>>
>> == How To Test ==
>> Run "gcc -Q -v <foo.c>" to check if these flags are enabled by default
>>
>> == User Experience ==
>> Fedora is more secure because the entire distribution is compiled with
>> the correct security technologies enabled. Developers don't have to
>> worry about enabling the right flags when they compile their
>> application in Fedora because the compiler has them enabled by
>> default.
>>
>> == Dependencies ==
>> All packages will be rebuilt with new GCC options.
>>
>> == Contingency Plan ==
>> * Contingency mechanism: Roll back the GCC options and use the default ones.
>> * Contingency deadline: Beta Freeze
>> * Blocks release? No
>>
>>
>>
>
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
>

--
Huzaifa Sidhpurwala / Red Hat Product Security Team
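
An added example, not part of this thread or of the proposed GCC patch: the call pattern that -Wformat-security reports beside its corrected form, plus a self-check of whether the stack protector and _FORTIFY_SOURCE were active when the file was built. The function and enum names are hypothetical and the input string is constructed.

```c
#include <stdio.h>

/* Result bits; names are made up for this example. */
enum { HF_SSP = 1, HF_SSP_STRONG = 2, HF_FORTIFY = 4 };

/* What was this file built with? GCC predefines __SSP__, __SSP_ALL__ or
 * __SSP_STRONG__ for the stack-protector variants and __OPTIMIZE__ for -O;
 * _FORTIFY_SOURCE only has an effect together with optimization. */
int hardening_flags(void)
{
    int flags = 0;
#if defined(__SSP__) || defined(__SSP_ALL__) || defined(__SSP_STRONG__)
    flags |= HF_SSP;
#endif
#ifdef __SSP_STRONG__
    flags |= HF_SSP_STRONG;
#endif
#if defined(__OPTIMIZE__) && defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0
    flags |= HF_FORTIFY;
#endif
    return flags;
}

/* The pattern -Wformat-security reports: the message itself is the format
 * string. The pragma silences the warning for this deliberate "before"
 * case; delete it to see the diagnostic. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
int render_unsafe(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, msg);
}
#pragma GCC diagnostic pop

/* The corrected form: the message is only ever data for a fixed "%s". */
int render_safe(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, "%s", msg);
}

/* main() has local arrays, so -fstack-protector-strong instruments it. */
int main(void)
{
    char a[32], b[32];
    const char *msg = "50%% done";   /* constructed input */
    render_unsafe(a, sizeof a, msg);
    render_safe(b, sizeof b, msg);
    printf("flags=%d unsafe=[%s] safe=[%s]\n", hardening_flags(), a, b);
    return 0;
}
```

Building this once with plain `gcc` and once with the proposed flags given explicitly shows the difference the change would make to the compiler's defaults.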