Avoid undefining _FORTIFY_SOURCE unnecessarily #167

davidpolverari · 2021-08-18T16:15:19Z

The build systems of some Linux distros (like Debian) make use of
_FORTIFY_SOURCE in more secure levels than stated by pev. This patch
only defines _FORTIFY_SOURCE if it has not been defined before.

The previous approach of undefining and defining it unconditionally
caused a weakening of the hardening expected by those distros' build
systems. This patch keeps the same functionality as before, while
allowing for distros to use more secure levels if so they wish.

The build systems of some Linux distros (like Debian) make use of _FORTIFY_SOURCE in more secure levels than stated by pev. This patch only defines _FORTIFY_SOURCE if it has not been defined before. The previous approach of undefining and defining it unconditionally caused a weakening of the hardening expected by those distros' build systems. This patch keeps the same functionality as before, while allowing for distros to use more secure levels if so they wish.

merces · 2021-08-18T18:30:43Z

Thanks for that!

davidpolverari · 2021-08-18T18:49:23Z

Thanks for that!

You're welcome!

merces self-assigned this Aug 18, 2021

merces added the packaging label Aug 18, 2021

merces merged commit 69c355e into mentebinaria:master Aug 18, 2021

davidpolverari deleted the distro_fortify branch August 18, 2021 18:46

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Avoid undefining _FORTIFY_SOURCE unnecessarily #167

Avoid undefining _FORTIFY_SOURCE unnecessarily #167

davidpolverari commented Aug 18, 2021

merces commented Aug 18, 2021

davidpolverari commented Aug 18, 2021

Avoid undefining _FORTIFY_SOURCE unnecessarily #167

Avoid undefining _FORTIFY_SOURCE unnecessarily #167

Conversation

davidpolverari commented Aug 18, 2021

merces commented Aug 18, 2021

davidpolverari commented Aug 18, 2021