gcc FORTIFY_SOURCE application security flags
Kim Barrett
kim.barrett at oracle.com
Fri May 3 15:46:49 UTC 2019
> On May 3, 2019, at 11:12 AM, Baesken, Matthias <matthias.baesken at sap.com> wrote:
>
> Hello.
> Maybe some of you are aware of the gcc FORTIFY_SOURCE application security flags.
> Developers can enable compile and also runtime checks for some string / memory related operations with the flag.
>
> See details:
> https://access.redhat.com/blogs/766093/posts/1976213
>
> Have you already tried those flags in the OpenJDK?

I happen to like _FORTIFY_SOURCE, as I’ve seen it catch some real problems that would have been
much harder to find otherwise. However, we’ve tried it in the past and ran into some problems. There
is an existing RFE to reinstate its use, which also mentions or references those previous attempts and
the problems encountered. See JDK-8130017 "use _FORTIFY_SOURCE in gcc fastdebug builds".

I didn’t know about the hs_err problem. It might be considered less of a problem if only enabling in
fastdebug builds (as suggested by JDK-8130017), as such builds are developer-oriented and the
loss of an hs_err file is (while annoying) perhaps less critical.

More information about the build-dev mailing list