public inbox for ltp@lists.linux.it
* [LTP] RFC add _FORTIFY_SOURCE to default LTP CFLAGS
@ 2013-07-11 11:00 chrubis
       [not found] ` <201308242143.45598.vapier@gentoo.org>
  0 siblings, 1 reply; 6+ messages in thread
From: chrubis @ 2013-07-11 11:00 UTC (permalink / raw)
  To: LTP

Hi!
Recently just another open(.., O_CREAT) without mode_t flags slipped in
the git, which would have been easily caught early by glibc
_FORTIFY_SOURCE feature. If _FORTIFY_SOURCE is set additional checks for
unused return values, buffer overflows etc. are done. Some distros enable
it even by default...

Does anybody oppose adding -D_FORTIFY_SOURCE=2 to the default
LTP CFLAGS?

-- 
Cyril Hrubis
chrubis@suse.cz

_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list


* Re: [LTP] RFC add _FORTIFY_SOURCE to default LTP CFLAGS
       [not found] ` <201308242143.45598.vapier@gentoo.org>
@ 2013-08-27 11:04   ` chrubis
       [not found]     ` <201308271218.22009.vapier@gentoo.org>
  0 siblings, 1 reply; 6+ messages in thread
From: chrubis @ 2013-08-27 11:04 UTC (permalink / raw)
  To: Mike Frysinger; +Cc: ltp-list

Hi!
> > Recently just another open(.., O_CREAT) without mode_t flags slipped in
> > the git, which would have been easily caught early by glibc
> > _FORTIFY_SOURCE feature. If _FORTIFY_SOURCE is set additional checks for
> > unused return values, buffer overflows etc. are done. Some distros enable
> > it even by default...
> > 
> > Does anybody oppose adding -D_FORTIFY_SOURCE=2 to the default
> > LTP CFLAGS?
> 
> i have a hard time coming up with a scenario where having the flags enabled 
> would cause a problem for us.  i.e. trying to test C library behavior by 
> violating fortify.  if that does actually come up, we could just easily put at 
> the top of the test:
> 	/* We actually want test verify XXX */
> 	#undef _FORTIFY_SOURCE
> 
> Gentoo has had this enabled by default in the toolchain for years and don't 
> recall running into a problem thus far.
> 
> nit though: this should be CPPFLAGS, not CFLAGS.

Ok, CPPFLAGS is better. What would be the best place for it, I came up
with simple:

diff --git a/configure.ac b/configure.ac
index f0fc6b0..afc998c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -30,6 +30,8 @@ AC_PROG_YACC
 
 AC_PREFIX_DEFAULT(/opt/ltp)
 
+CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"
+
 AC_CHECK_HEADERS([ \
     dmapi.h \
     ifaddrs.h \
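
Review bot: the added `CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"` line is unconditional, so the define is also passed when the build is not optimized or when the toolchain or the user's own CPPFLAGS already set _FORTIFY_SOURCE. glibc only applies the fortified wrappers when optimization is on, and a second -D with a different value triggers a redefinition warning. Append the flag only after a compile test for `!defined _FORTIFY_SOURCE && defined __OPTIMIZE__ && __OPTIMIZE__` succeeds.
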
diff --git a/include/mk/config.mk.default b/include/mk/config.mk.default
index 953747c..dae9cb7 100644
--- a/include/mk/config.mk.default
+++ b/include/mk/config.mk.default
@@ -54,7 +54,7 @@ mandir			:= ${datarootdir}/man
 
 RPMBUILD		?= rpmbuild
 
-CPPFLAGS		:=
+CPPFLAGS		:= -D_FORTIFY_SOURCE=2
 CFLAGS			:= -g -O2
 LDLIBS			:=
 LDFLAGS			:=
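
Review bot: `CPPFLAGS := -D_FORTIFY_SOURCE=2` hard-codes the define in the fallback config, where it only has an effect because the next line sets `CFLAGS := -g -O2`, and nothing here documents that dependency. Add a comment above the assignment saying that _FORTIFY_SOURCE requires an optimized build and has to be dropped if CFLAGS is changed to -O0, so that the two lines are edited together.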


Which should IMHO work, as having an unrecognized macro defined should not
break anything, or is there a need to test for _FORTIFY_SOURCE libc
support?

-- 
Cyril Hrubis
chrubis@suse.cz


* Re: [LTP] RFC add _FORTIFY_SOURCE to default LTP CFLAGS
       [not found]     ` <201308271218.22009.vapier@gentoo.org>
@ 2013-08-28 11:56       ` chrubis
       [not found]         ` <201308281234.41447.vapier@gentoo.org>
  0 siblings, 1 reply; 6+ messages in thread
From: chrubis @ 2013-08-28 11:56 UTC (permalink / raw)
  To: Mike Frysinger; +Cc: ltp-list

Hi!
> 
> unfortunately that does not work.  this snippet from coreutils is probably 
> better:
>   AH_VERBATIM([FORTIFY_SOURCE],
>   [/* Enable compile-time and run-time bounds-checking, and some warnings,
>       without upsetting glibc 2.15+. */
>    #if !defined _FORTIFY_SOURCE && defined __OPTIMIZE__ && __OPTIMIZE__
>    # define _FORTIFY_SOURCE 2   
>    #endif
>   ])

That wouldn't work here, as config.h is included only in a few testcases
(in those that actually use some of the defines there).

But given that this just copies some ifdefs into config.h what about
adding the snippet directly into compiler.h that is included from
test.h and thus ends up in all testcases?

-- 
Cyril Hrubis
chrubis@suse.cz


* Re: [LTP] RFC add _FORTIFY_SOURCE to default LTP CFLAGS
       [not found]         ` <201308281234.41447.vapier@gentoo.org>
@ 2013-08-28 16:37           ` Mike Frysinger
  2013-09-02 12:23             ` chrubis
  0 siblings, 1 reply; 6+ messages in thread
From: Mike Frysinger @ 2013-08-28 16:37 UTC (permalink / raw)
  To: ltp-list


[-- Attachment #1.1: Type: Text/Plain, Size: 1275 bytes --]

On Wednesday 28 August 2013 12:34:40 Mike Frysinger wrote:
> On Wednesday 28 August 2013 07:56:01 chrubis@suse.cz wrote:
> > > unfortunately that does not work.  this snippet from coreutils is
> > > probably better:
> > >   AH_VERBATIM([FORTIFY_SOURCE],
> > >   [/* Enable compile-time and run-time bounds-checking, and some
> > >   warnings,
> > >       without upsetting glibc 2.15+. */
> > >    #if !defined _FORTIFY_SOURCE && defined __OPTIMIZE__ && __OPTIMIZE__
> > >    # define _FORTIFY_SOURCE 2
> > >    #endif
> > >   ])
> > 
> > That wouldn't work here, as config.h is included only in a few testcases
> > (in those that actually use some of the defines there).
> > 
> > But given that this just copies some ifdefs into config.h what about
> > adding the snippet directly into compiler.h that is included from
> > test.h and thus ends up in all testcases?
> 
> SGTM

err, no, that won't work either.  _FORTIFY_SOURCE must be defined before any 
header file is included.  otherwise, including all the C lib headers and then 
test.h and then defining this won't accomplish anything.

you could probably turn that AH_VERBATIM into a compile test and then add it 
to CPPFLAGS based on the result.  that would probably work in most cases.
-mike


* Re: [LTP] RFC add _FORTIFY_SOURCE to default LTP CFLAGS
  2013-08-28 16:37           ` Mike Frysinger
@ 2013-09-02 12:23             ` chrubis
  2013-09-02 14:27               ` chrubis
  0 siblings, 1 reply; 6+ messages in thread
From: chrubis @ 2013-09-02 12:23 UTC (permalink / raw)
  To: Mike Frysinger; +Cc: ltp-list

Hi!
> > > That wouldn't work here, as config.h is included only in a few testcases
> > > (in those that actually use some of the defines there).
> > > 
> > > But given that this just copies some ifdefs into config.h what about
> > > adding the snippet directly into compiler.h that is included from
> > > test.h and thus ends up in all testcases?
> > 
> > SGTM
> 
> err, no, that won't work either.  _FORTIFY_SOURCE must be defined before any 
> header file is included.  otherwise, including all the C lib headers and then 
> test.h and then defining this won't accomplish anything.

Ah, you are right.

> you could probably turn that AH_VERBATIM into a compile test and then add it 
> to CPPFLAGS based on the result.  that would probably work in most cases.

So back to the beginning...

-- 
Cyril Hrubis
chrubis@suse.cz


* Re: [LTP] RFC add _FORTIFY_SOURCE to default LTP CFLAGS
  2013-09-02 12:23             ` chrubis
@ 2013-09-02 14:27               ` chrubis
  0 siblings, 0 replies; 6+ messages in thread
From: chrubis @ 2013-09-02 14:27 UTC (permalink / raw)
  To: Mike Frysinger; +Cc: ltp-list

[-- Attachment #1: Type: text/plain, Size: 279 bytes --]

Hi!
> > you could probably turn that AH_VERBATIM into a compile test and then add it 
> > to CPPFLAGS based on the result.  that would probably work in most cases.
> 
> So back to the beginning...

What about this patch?
(it's tested and works)

-- 
Cyril Hrubis
chrubis@suse.cz

[-- Attachment #2: 0001-configure-Add-_FORTIFY_SOURCE-2.patch --]
[-- Type: text/x-diff, Size: 2305 bytes --]

From 9d69dc34b6f08e742d79a30b4253371836de7367 Mon Sep 17 00:00:00 2001
From: Cyril Hrubis <chrubis@suse.cz>
Date: Mon, 2 Sep 2013 16:13:16 +0200
Subject: [PATCH] configure: Add _FORTIFY_SOURCE=2

Add -D_FORTIFY_SOURCE=2 into CPPFLAGS if:

o it's not already set in system headers
o optimization is enabled

Signed-off-by: Cyril Hrubis <chrubis@suse.cz>
---
 configure.ac             |  2 +-
 m4/ltp-fortify_source.m4 | 39 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 m4/ltp-fortify_source.m4

diff --git a/configure.ac b/configure.ac
index f0fc6b0..81f92ab 100644
--- a/configure.ac
+++ b/configure.ac
@@ -144,7 +144,7 @@ else
 fi
 
 # END testsuites knobs
-
+LTP_CHECK_FORTIFY_SOURCE
 LTP_CHECK_MKDTEMP
 LTP_CHECK_CAPABILITY_SUPPORT
 LTP_CHECK_CRYPTO
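
Review bot: `LTP_CHECK_FORTIFY_SOURCE` replaces the blank line after `# END testsuites knobs` and runs ahead of `LTP_CHECK_MKDTEMP` and the other LTP_CHECK_* macros, so CPPFLAGS changes partway through configure and the checks before and after this point are compiled with different flags. Keep the blank separator line, and call the macro either before all feature checks or after the last one so that every probe sees the same CPPFLAGS.
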
diff --git a/m4/ltp-fortify_source.m4 b/m4/ltp-fortify_source.m4
new file mode 100644
index 0000000..ffb22b4
--- /dev/null
+++ b/m4/ltp-fortify_source.m4
@@ -0,0 +1,39 @@
+dnl
+dnl Copyright (c) 2013 Cyril Hrubis <chrubis@suse.cz>
+dnl
+dnl This program is free software;  you can redistribute it and/or modify
+dnl it under the terms of the GNU General Public License as published by
+dnl the Free Software Foundation; either version 2 of the License, or
+dnl (at your option) any later version.
+dnl
+dnl This program is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY;  without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+dnl the GNU General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU General Public License
+dnl along with this program;  if not, write to the Free Software
+dnl Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+dnl
+
+dnl
+dnl LTP_CHECK_FORTIFY_SOURCE
+dnl ------------------------
+dnl
+AC_DEFUN([LTP_CHECK_FORTIFY_SOURCE],[dnl
+	AC_MSG_CHECKING(whether to define _FORTIFY_SOURCE=2)
+	AC_COMPILE_IFELSE([AC_LANG_SOURCE([
+#include <stdio.h>
+
+int main(void)
+{
+#if !defined _FORTIFY_SOURCE && defined __OPTIMIZE__ && __OPTIMIZE__
+	return 0;
+#else
+# error Compiling without optimalizations
+#endif
+}
+])],[CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"
+AC_MSG_RESULT(yes)],
+[AC_MSG_RESULT(no)])
+])
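
Review bot: the `#else` branch of the test program covers two different cases, _FORTIFY_SOURCE already being defined and optimization being off, but the message `# error Compiling without optimalizations` names only the second (and misspells "optimizations"), so config.log is misleading when the toolchain already sets the macro. Split the condition into two `#error` branches or reword the message to cover both. The probe also only sees the CFLAGS in effect at configure time, so a later `make CFLAGS=-O0` keeps -D_FORTIFY_SOURCE=2 in CPPFLAGS; the `dnl LTP_CHECK_FORTIFY_SOURCE` header has no description and is the place to document that.
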
-- 
1.8.1.5

