On Wed, Mar 13, 2019 at 12:38:02PM +0100, Dridi Boukelmoune wrote: > On Wed, Mar 13, 2019 at 12:19 PM Jakub Jelinek <jakub@xxxxxxxxxx> wrote: > > > > On Mon, Mar 11, 2019 at 01:56:14PM -0400, Ben Cotton wrote: > > > https://fedoraproject.org/wiki/Changes/HardenedCompiler > > > > > > == Summary == > > > By Default enable a few security hardening flags which are used with GCC. > > > > I'm strongly against this, the reasons have been explained multiple times. > > > > We have annobin and easy way to determine what misses to propagate the flags > > down. > > I think the key sentence here is this one: > > > == Benefit to Fedora == > > We provide better security both for our packages and for > > applications/programs which users are building. > > IMHO this should have nothing to do with our packages since we already > have guidelines regarding hardening and in most cases it should be the > case without package maintainer intervention (exotic build systems or > misuse or misconfiguration do exist). > > To me this change should only be meant for end-users of GCC, not the > Fedora build infrastructure itself. I'm all for making it easier for users, say by adding hardened-gcc/hardened-g++ wrappers or some dir with gcc/g++ wrappers users can prepend in PATH if they want certain behavior, but changing the defaults of what gcc does is a huge mistake. I know some distros have done it for certain options, that doesn't change my opinion about it. The thing is, when the defaults change, then people using the compiler need to start using -fno-pie, -U__FORTIFY_SOURCE, -fno-stack-protector and the like whenever they do want normal behavior, and as cross environments you can't rely on the same defaults you need to stick those or the hardening flags everywhere because you don't know what the compiler of the day will do. Not to mention that -D__FORTIFY_SOURCE=2 rejects some valid C programs, so gcc would be no longer standard compliant (and e.g. glibc headers warn about it when used with -O0). It is a similar reason why gcc doesn't change all of sudden -O0 default to -O2. Jakub _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
