From: chrubis@suse.cz
To: Mike Frysinger <vapier@gentoo.org>
Cc: ltp-list@lists.sourceforge.net
Subject: Re: [LTP] RFC add _FORTIFY_SOURCE to default LTP CFLAGS
Date: Tue, 27 Aug 2013 13:04:34 +0200 [thread overview]
Message-ID: <20130827110434.GA10995@rei.Home> (raw)
In-Reply-To: <201308242143.45598.vapier@gentoo.org>
Hi!
> > Recently just another open(.., O_CREAT) without mode_t flags slipped in
> > the git, which would have been easily catched early by glibc
> > _FORTIFY_SOURCE feature. If _FORTIFY_SOURCE is set additional checks for
> > unused return values, buffer overflows etc. are done. Some distros eable
> > it even by default...
> >
> > Does anybody oposse against adding -D_FORTIFY_SOURCE=2 to the default
> > LTP CFLAGS?
>
> i have a hard time coming up with a scenario where having the flags enabled
> would cause a problem for us. i.e. trying to test C library behavior by
> violating fortify. if that does actually come up, we could just easily put at
> the top of the test:
> /* We actually want test verify XXX */
> #undef _FORTIFY_SOURCE
>
> Gentoo has had this enabled by default in the toolchain for years and don't
> recall running into a problem thus far.
>
> nit though: this should be CPPFLAGS, not CFLAGS.
Ok, CPPFLAGS is better. What would be the best place for it, I came up
with simple:
diff --git a/configure.ac b/configure.ac
index f0fc6b0..afc998c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -30,6 +30,8 @@ AC_PROG_YACC
AC_PREFIX_DEFAULT(/opt/ltp)
+CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"
+
AC_CHECK_HEADERS([ \
dmapi.h \
ifaddrs.h \
diff --git a/include/mk/config.mk.default b/include/mk/config.mk.default
index 953747c..dae9cb7 100644
--- a/include/mk/config.mk.default
+++ b/include/mk/config.mk.default
@@ -54,7 +54,7 @@ mandir := ${datarootdir}/man
RPMBUILD ?= rpmbuild
-CPPFLAGS :=
+CPPFLAGS := -D_FORTIFY_SOURCE=2
CFLAGS := -g -O2
LDLIBS :=
LDFLAGS :=
Which should IMHO work as having defined unrecognized macro should not
break anything, or is there a need how to test for _FORTIFY_SOURCE libc
support?
--
Cyril Hrubis
chrubis@suse.cz
------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and
AppDynamics. Performance Central is your source for news, insights,
analysis and resources for efficient Application Performance Management.
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
next prev parent reply other threads:[~2013-08-27 11:04 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-11 11:00 [LTP] RFC add _FORTIFY_SOURCE to default LTP CFLAGS chrubis
[not found] ` <201308242143.45598.vapier@gentoo.org>
2013-08-27 11:04 ` chrubis [this message]
[not found] ` <201308271218.22009.vapier@gentoo.org>
2013-08-28 11:56 ` chrubis
[not found] ` <201308281234.41447.vapier@gentoo.org>
2013-08-28 16:37 ` Mike Frysinger
2013-09-02 12:23 ` chrubis
2013-09-02 14:27 ` chrubis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130827110434.GA10995@rei.Home \
--to=chrubis@suse.cz \
--cc=ltp-list@lists.sourceforge.net \
--cc=vapier@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox