Jakub Jelinek jakub at redhat.com
Tue Sep 18 23:33:06 UTC 2007


Starting with gcc-4.1.2-25 and glibc-2.6.90-14 -D_FORTIFY_SOURCE=2
protects not only C code, but also C++.  There have been several security
issues already which would have been unexploitable if this checking
was in place earlier.

All the mem*, str* etc. routines that were previously protected
in C will now do so in C++ as well, similarly *printf won't accept
%n if format string is in writable memory, open{,at}{,64} functions
are checked too (compile time detecteable O_CREAT with only 2
arguments (3 for openat{,64}) results in link time errors,
if it is unclear whether oflag arg has O_CREAT or not at compile time
and only 2 (resp. 3 for openat{,64}) args are provided, runtime
checking is done).

BTW, even for C open is no longer a function-like macro, while
it is desirable to fix packages that don't allow open to be
defined as function-like macro, it will no longer be a necessity
for F8 to change this.

If you see any bugs on the toolchain side (rather than newly
discovered package bugs), please let us know in bugzilla ASAP.



More information about the Fedora-devel-announce mailing list