On Wed, Dec 07, 2022 at 09:02:36AM +0100, Vitaly Zaitsev via devel wrote: > On 06/12/2022 23:20, Michael Catanzaro via devel wrote: > > Even if extra bounds checking makes code 10% slower, which seems very unlikely, the benefit of the extra hardening would still be worth it. _FORTIFY_SOURCE=3 is going to make it harder to hack Fedora users, converting code execution vulnerabilities into denial of service vulnerabilities. > > No, it doesn't. 3% maximum is acceptable in this case. > > Me and all my friends use mitigations=off. A huge performance penalty for > the sake of potential vulnerabilities that still need to be able to exploit. Don't assume that your insecure usage is typical of Fedora's userbase as a whole. I doubt most people even know that mitigations=off is a thing, nor even notice the performance penalty of the mitigations enough to want to turn it off. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
