[Tails-dev] Consider adding -D_FORTIFY_SOURCE=3 to some app…

Author: David A. Wheeler
Date:
To: tails-dev@boum.org
Subject: [Tails-dev] Consider adding -D_FORTIFY_SOURCE=3 to some applications (e.g., web browser)?
Has anyone looked into adding -D_FORTIFY_SOURCE=3 to some applications that directly interact with data from the Internet, such as the web browser or parts of the Tor implementation?

More info: "GCC's new fortification level: The gains and costs"
https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-level

It appears to make buffer overflows much harder to exploit, but the code needs to
not access memory after freeing (good idea anyway) & there's *some* performance impact.
It's unclear how much the performance impact is; probably the only way to know is to try it.

--- David A. Wheeler
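
An added illustration, not part of the original message or of any Tails code: level 3 differs from level 2 in that the size check can use `__builtin_dynamic_object_size`, which can see the size of a buffer allocated with a run-time length. The function `copy_into_heap`, the enum names, and the sample input are hypothetical; GCC or Clang is assumed, and the real fortified wrappers abort the process instead of returning a status.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef __has_builtin
#define __has_builtin(x) 0   /* older compilers: treat the builtin as absent */
#endif

#define SIZE_UNKNOWN ((size_t)-1)   /* "size not known" answer of the builtins */

enum copy_result { COPIED, BLOCKED_BY_SIZE_CHECK, OVERFLOW_NOT_VISIBLE, ALLOC_FAILED };

/* Copy len bytes of src into a fresh heap buffer whose size n is only known
 * at run time, applying the same kind of check a fortified memcpy performs. */
enum copy_result copy_into_heap(size_t n, const char *src, size_t len)
{
    enum copy_result r;
    char *dst = malloc(n);
    if (dst == NULL)
        return ALLOC_FAILED;
#if __has_builtin(__builtin_dynamic_object_size)
    size_t known = __builtin_dynamic_object_size(dst, 0);  /* level 3 view */
#else
    size_t known = __builtin_object_size(dst, 0);          /* level 2 view */
#endif
    if (known != SIZE_UNKNOWN && len > known) {
        r = BLOCKED_BY_SIZE_CHECK;    /* the compiler knew the size: caught */
    } else if (len > n) {
        r = OVERFLOW_NOT_VISIBLE;     /* size unknown: the check saw nothing;
                                         this demo refuses the copy itself */
    } else {
        memcpy(dst, src, len);
        r = COPIED;
    }
    free(dst);
    return r;
}

int main(int argc, char **argv)
{
    static const char src[64] = "constructed sample input";
    size_t n = 16 + (size_t)(argc - 1);   /* run-time value, not a constant */
    (void)argv;
    printf("copy 8 bytes into %zu:  %d\n", n, copy_into_heap(n, src, 8));
    printf("copy 48 bytes into %zu: %d\n", n, copy_into_heap(n, src, 48));
    return 0;
}
```

Whether the oversized copy is reported as `BLOCKED_BY_SIZE_CHECK` or `OVERFLOW_NOT_VISIBLE` depends on the compiler version and optimization level, since the builtins return "unknown" when the size cannot be tracked.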