From mboxrd@z Thu Jan 1 00:00:00 1970 From: ng0 Subject: Re: hardening Date: Sun, 11 Mar 2018 14:36:37 +0000 Message-ID: <20180311143637.5cmjcqr6ugkznxsk@abyayala> References: <87a7wwesx2.fsf@abyayala.i-did-not-set--mail-host-address--so-tickle-me> <871si6w76r.fsf@gmail.com> <20180311133732.ojqacszx2mckvdim@abyayala> <20180311134059.mwy6flojzvxxnnah@abyayala> <878tayu2ri.fsf@elephly.net> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:44080) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ev25V-0002f5-9K for guix-devel@gnu.org; Sun, 11 Mar 2018 10:36:38 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ev25Q-00018C-Am for guix-devel@gnu.org; Sun, 11 Mar 2018 10:36:37 -0400 Received: from aibo.runbox.com ([91.220.196.211]:34268) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1ev25Q-00017O-3k for guix-devel@gnu.org; Sun, 11 Mar 2018 10:36:32 -0400 Content-Disposition: inline In-Reply-To: <878tayu2ri.fsf@elephly.net> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ricardo Wurmus Cc: guix-devel@gnu.org, ng0 Ricardo Wurmus transcribed 486 bytes: > > ng0 writes: > > >> > The flags I use (suggested by Debian Wiki[0]) are: > >> > > >> > CPPFLAGS=-D_FORTIFY_SOURCE=2 > >> > >> How does this differ from "-O2 -D_FORTIFY_SOURCE" in CFLAGS? > >> I know O2 is optimization and that FORTIFY_SOURCE requires optimization > >> to be specified. > > > > Okay, I've read some related commits and bug tickets, I understand > > the difference now. > > Please share. Otherwise this comment isn’t really helpful for this > discussion. Well there's the Debian wiki: https://wiki.debian.org/Hardening and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643632 as well as the gcc Manual about it. Debian uses -D_FORTIFY_SOURCE -O1. My use of -O2 -D_FORTIFY_SOURCE in CFLAGS was not correct. > > -- > Ricardo > > > -- A88C8ADD129828D7EAC02E52E22F9BBFEE348588 https://n0.is