gnucobol-3.1-rc1 and -U_FORTIFY

bug-gnucobol

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

gnucobol-3.1-rc1 and -U_FORTIFY_SOURCE

From:	Jeffrey Walton
Subject:	gnucobol-3.1-rc1 and -U_FORTIFY_SOURCE
Date:	Sun, 12 Jul 2020 09:25:34 -0400

Hi Everyone,

This caught my eye:

/bin/sh ../libtool  --tag=CC   --mode=compile gcc -std=gnu99
-DHAVE_CONFIG_H -I. -I.. <...> -U_FORTIFY_SOURCE -MT common.lo -MD -MP
-MF .deps/common.Tpo -c -o common.lo common.c

Disabling _FORTIFY_SOURCE will cause GNU Cobol to fail audits and
acceptance testing. For example, checksec
(https://github.com/slimm609/checksec.sh) will generate findings on
the output artifacts.

It also begs the question  "why?" As far as I know, the option should
only be needed when buffer overflows are OK. We typically see
-U_FORTIFY_SOURCE when someone is experimenting with stack based
overflows in pentesting courses.

If you really need -U_FORTIFY_SOURCE, then you might consider adding a
discussion in README or NOTES file explaining why.

Jeff

[Prev in Thread]

Current Thread

[Next in Thread]

gnucobol-3.1-rc1 and -U_FORTIFY_SOURCE, Jeffrey Walton <=
- Re: gnucobol-3.1-rc1 and -U_FORTIFY_SOURCE, James K. Lowden, 2020/07/13
  - Re: gnucobol-3.1-rc1 and -U_FORTIFY_SOURCE, Jeffrey Walton, 2020/07/13
    - Re: gnucobol-3.1-rc1 and -U_FORTIFY_SOURCE, Edward Hart, 2020/07/14
    - Re: gnucobol-3.1-rc1 and -U_FORTIFY_SOURCE, Jeffrey Walton, 2020/07/14

Prev by Date: gnucobol-3.1-rc1 and one failure
Next by Date: Re: gnucobol-3.1-rc1 and one failure
Previous by thread: gnucobol-3.1-rc1 and one failure
Next by thread: Re: gnucobol-3.1-rc1 and -U_FORTIFY_SOURCE
Index(es):
- Date
- Thread