Hello,

On Thursday, January 20, 2022 5:56:04 PM EST Marek Polacek wrote:
> > > Are there plans to enable this flag so that all applications, but more
> > > importantly the kernel, are hardened against uninitialized stack
> > > variables? This is one of the major classes of security bugs that
> > > could potentially be eliminated during this mass rebuild.
> >
> > There are currently no plans that I am aware of that involve turning on
> > '-ftrivial-auto-var-init=zero' in the short term for Fedora. CC'ing Jakub
> > and Marek to comment.
>
> Also not aware of any plans to always enable it.

I think we should consider it. I'll start a new thread so that the topic is clearer.

> > It is something that should be discussed, turned on in Rawhide first,
> > and likely via redhat-rpm-config default flags first, and then we should
> > fix any fallout.
> >
> > I'd only be comfortable if we did it early and worked through the
> > consequences. So it could be something to discuss for F37.
>
> Right. It reminds me of MALLOC_PERTURB_, but for automatic variables.
>
> Obviously it's always important to measure its slowdown (maybe run a SPEC
> benchmark) / compile time / stack usage. Some of it has been done:
> https://gcc.gnu.org/pipermail/gcc-patches/2021-January/562872.html
> but that was an early version of the patch. Still, it seems like it'd be
> acceptable.
>
> It's a new feature, only present in GCC 12 (which hasn't been released as
> of now), so I think it needs more testing before it could be (considered
> to be) enabled by default.

That's fine. I think F37 is a good target.

> A good thing is that it doesn't suppress the -Wuninitialized warning so
> you still get a chance to fix your bugs. It also comes with an attribute
> to keep variables uninitialized even when the option is turned on.
>
> From what I've seen it's the kernel that would most benefit from the option,
> and it looks like it already has support for it:
>
> CONFIG_INIT_STACK_ALL_ZERO
> CONFIG_INIT_STACK_ALL_PATTERN
>
> so maybe it's enough to enable it for the kernel. Or start there, see how
> it does, then add it to our hardening flags.

Unless it's been reworked to also allow gcc, this was a clang only option. There are a number of distributions that use clang as the compiler for the whole project. But let's discuss this in a separate thread about this topic.

Best Regards,
-Steve