[torquedev] Building Torque with _FORTIFY_SOURCE ?
Chris Samuel
csamuel at vpac.org
Thu Mar 27 01:01:00 MDT 2008
Hi all,
Is it worth configuring Torque by default to use the GCC
stack overflow checks built in through _FORTIFY_SOURCE
in recent versions of GCC?
There are some details here:
http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
but basically the nub of it is:
> The intended use in glibc is that by default no protection is
> done, when the above GCC 4.0+ and -D_FORTIFY_SOURCE=1 is used
> at optimization level 1 and above, security measures that
> shouldn't change behaviour of conforming programs are taken.
> With -D_FORTIFY_SOURCE=2 some more checking is added, but
> some conforming programs might fail.
>
> Buffer overflows can be detected at compile time
> or at runtime, if the compiler can detect they will not
> happen, normal functions as opposed to their checking
> alternatives are used.
There is a comparison of _FORTIFY_SOURCE with GCC's
Stack Smashing Protector (SSP) here:
http://blog.eonsec.com/2008/01/ssp-and-fortifysource.html
cheers,
Chris
--
Christopher Samuel - (03) 9925 4751 - Systems Manager
The Victorian Partnership for Advanced Computing
P.O. Box 201, Carlton South, VIC 3053, Australia
VPAC is a not-for-profit Registered Research Agency
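
An added example, not part of the original post and not Torque or glibc code: a small C model of why the quoted text says level 2 can break programs that level 1 leaves alone. It assumes glibc's behaviour of bounding strcpy by the rest of the enclosing object at level 1 and by the individual field at level 2; `struct job`, `checked_strcpy`, `name_bound` and `copy_name` are hypothetical names, and the model returns -1 where the real checking function would abort the process.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample object: a fixed-size field followed by another field. */
struct job {
    char name[8];
    char owner[8];
};

/* Model of a checking copy: refuse when src plus its NUL exceeds bound.
 * The real checking function aborts; -1 keeps the outcome observable. */
static int checked_strcpy(char *dst, size_t bound, const char *src)
{
    size_t need = strlen(src) + 1;
    if (need > bound)
        return -1;                 /* overflow detected, nothing written */
    memcpy(dst, src, need);
    return 0;
}

/* Bound the model applies to a copy into job.name at each level. */
static size_t name_bound(int level)
{
    if (level >= 2)                /* level 2: the field itself */
        return sizeof(((struct job *)0)->name);
    /* level 1: from the field to the end of the enclosing object */
    return sizeof(struct job) - offsetof(struct job, name);
}

/* Copy src into a fresh job.name under the given level: 0 ok, -1 caught. */
static int copy_name(int level, const char *src)
{
    struct job j;
    memset(&j, 0, sizeof j);
    /* Pointer derived from the whole object, so a level 1 copy that spills
     * from name into owner still stays inside j. */
    char *dst = (char *)&j + offsetof(struct job, name);
    return checked_strcpy(dst, name_bound(level), src);
}

int main(void)
{
    /* Constructed inputs: fits the field, fits only the struct, fits neither. */
    const char *inputs[] = { "batch01", "batch-queue", "batch-queue-overflow" };
    for (size_t i = 0; i < 3; i++)
        printf("%-22s level1=%d level2=%d\n", inputs[i],
               copy_name(1, inputs[i]), copy_name(2, inputs[i]));
    return 0;
}
```

The middle input is the interesting case: it overruns `name` but stays inside the struct, so the level 1 bound accepts it and the level 2 bound rejects it.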