disaster! glibc, gcc4, FORTIFY_SOURCE

[Cameron Simpson]

At the risk of looking like a complete idiot, I'd like to report an
apparently serious problem with the recent glibc etc stuff in (I think)
Fedora-Development.

In an excess of zeal yesterday I upgraded some packages from the
development set and now various programs report "buffer overflow detected"
and like messages, and abort. These programs include bash and my usual
mail reader. I've reverted my glibc to 2.3.4 from fedora-updates and
things are a bit better but not totally fixed, so I figure I've still
got some more packages to locate and revert:-(

I suspect this behaviour stems from recent builds using GCC 4 and
-D_FORTIFY_SOURCE=2 from the release notes and a bit of perusal of the
glibc-2.3.5 sources. Could someone (Jakub?) confirm or discredit this
notion please?

If confirmed, is there a URL that documents the effects of this?
Is there a runtime way to turn these from "abort" into "warn but proceed"?

If discredited, what then _is_ going on?

I'd like to suggest that this kind of build not be done for any release
versions; while all the crashing programs are almost certainly buggy,
unless the user can switch the behaviour _off_ they will be very very
unhappy.

Yes it's fedora-devel, and I accept I've shot myself in the foot.  But a
user hoping to test some fedora-devel stuff can too easily end up with
a system that is totally uncooperatives as opposed to having a few apps
a bit buggy.

Remarks and advice?
--
Cameron Simpson <cs at zip.com.au> DoD#743
http://www.cskk.ezoshosting.com/cs/

If it can't be turned off, it's not a feature. - Karl Heuer