gnucobol-3.1-rc1 and -U_FORTIFY_SOURCE
From: Jeffrey Walton
Subject: gnucobol-3.1-rc1 and -U_FORTIFY_SOURCE
Date: Sun, 12 Jul 2020 09:25:34 -0400
Hi Everyone,
This caught my eye:
/bin/sh ../libtool --tag=CC --mode=compile gcc -std=gnu99
-DHAVE_CONFIG_H -I. -I.. <...> -U_FORTIFY_SOURCE -MT common.lo -MD -MP
-MF .deps/common.Tpo -c -o common.lo common.c
Disabling _FORTIFY_SOURCE will cause GNU Cobol to fail audits and
acceptance testing. For example, checksec
(https://github.com/slimm609/checksec.sh) will generate findings on
the output artifacts.
It also begs the question "why?" As far as I know, the option should
only be needed when buffer overflows are OK. We typically see
-U_FORTIFY_SOURCE when someone is experimenting with stack-based
overflows in pentesting courses.
If you really need -U_FORTIFY_SOURCE, then you might consider adding a
discussion in README or NOTES file explaining why.
Jeff
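As an added example (not part of Jeff's message or of the GnuCOBOL build system), a POSIX shell check that audits a build log like the one quoted above and reports the effective _FORTIFY_SOURCE setting per compiler invocation. The log lines are constructed, and the flag handling rests on two assumptions: the last -D/-U on a command line wins, and the macro only takes effect when optimisation (-O1 or higher) is enabled.

```shell
#!/bin/sh
# Constructed sample build log resembling the libtool output quoted above.
BUILD_LOG='libtool: compile:  gcc -std=gnu99 -DHAVE_CONFIG_H -I. -O2 -D_FORTIFY_SOURCE=2 -U_FORTIFY_SOURCE -c common.c
libtool: compile:  gcc -std=gnu99 -DHAVE_CONFIG_H -I. -O2 -D_FORTIFY_SOURCE=2 -c fileio.c
libtool: compile:  gcc -std=gnu99 -DHAVE_CONFIG_H -I. -O0 -D_FORTIFY_SOURCE=2 -c move.c
libtool: compile:  gcc -std=gnu99 -DHAVE_CONFIG_H -I. -O2 -c strings.c
make[2]: Entering directory /src/libcob'

# fortify_level LINE -> effective level: a number, "unset", or "disabled".
# gcc applies -D/-U left to right, so the last occurrence wins.
fortify_level() {
    level=unset
    for tok in $1; do
        case "$tok" in
            -D_FORTIFY_SOURCE=*) level=${tok#-D_FORTIFY_SOURCE=} ;;
            -D_FORTIFY_SOURCE)   level=1 ;;          # bare -D defines it as 1
            -U_FORTIFY_SOURCE)   level=disabled ;;
        esac
    done
    printf '%s\n' "$level"
}

# optimised LINE -> "yes" when an -O level above -O0 is in effect.
# glibc ignores _FORTIFY_SOURCE entirely at -O0.
optimised() {
    opt=no
    for tok in $1; do
        case "$tok" in
            -O0) opt=no ;;
            -O|-O[1-9]|-Os|-Oz|-Og|-Ofast) opt=yes ;;
        esac
    done
    printf '%s\n' "$opt"
}

# audit_log LOG -> one "source level optimised verdict" line per compiler call.
# "CHECK" means no explicit flag was seen; the toolchain default decides.
audit_log() {
    printf '%s\n' "$1" | grep -E '(^|[[:space:]])(gcc|cc|clang)[[:space:]]' | while read -r line; do
        src=$(printf '%s\n' "$line" | sed -n 's/.*-c[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p')
        lvl=$(fortify_level "$line")
        opt=$(optimised "$line")
        case "$lvl:$opt" in
            disabled:*) verdict=FINDING ;;   # explicitly undefined, as in the quoted log
            unset:*)    verdict=CHECK ;;
            *:no)       verdict=FINDING ;;   # defined but inactive without optimisation
            *)          verdict=ok ;;
        esac
        printf '%s %s %s %s\n' "$src" "$lvl" "$opt" "$verdict"
    done
}

# finding_count LOG -> number of compiler calls without active fortification.
finding_count() { audit_log "$1" | grep -c ' FINDING$'; }

audit_log "$BUILD_LOG"
printf 'findings: %s\n' "$(finding_count "$BUILD_LOG")"
```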