Summary: | dev-db/mariadb: does not respect CFLAGS (fno-stack-protector) | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Agostino Sarubbo <ago> |
Component: | Current packages | Assignee: | Gentoo Linux MySQL bugs team <mysql-bugs> |
Status: | CONFIRMED --- | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2018-01-23 13:37:14 UTC
Beginning in MariaDB 10.1, the option SECURITY_HARDENED [1] was added to always set pie, PIC, -fstack-protector, and -D_FORTIFY_SOURCE=2 when the compiler version was >= 4.6. If this is unwanted, I could certainly force it off. I did not consider it previously as it seemed to be doing the right thing. [1] https://github.com/MariaDB/server/blob/10.1/CMakeLists.txt#L217 Marking this NEEDINFO until there is a response on the best course of action Is fine have those flags, but the user's flags should be passed after the build system flags so they can be overwritten. (In reply to Agostino Sarubbo from comment #3) > Is fine have those flags, but the user's flags should be passed after the > build system flags so they can be overwritten. > To allow the user to decide for himself if he wants address sanitation and/or hardening, two other local USE flags could be stablished, call them "asan" and "harden". Then, depending upon the USE flag selected, the ebuild would need to set the cmake options accordingly. For example if the user selects "-asan" and "-harden": mycmakeargs+=( -DSECURITY_HARDENED=OFF -DWITH_UBSAN=OFF -DWITH_ASAN=OFF ) I've tested this on my sytem and there are no issues. |