| Summary: | app-admin/clsync-0.4.5 redefines _FORTIFY_SOURCE | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Agostino Sarubbo <ago> |
| Component: | Current packages | Assignee: | Andrew Savchenko <bircoph> |
| Status: | CONFIRMED --- | | |
| Severity: | normal | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 847148 | | |
| Attachments: | build.log | | |

Description
Agostino Sarubbo
Created attachment 849684
build.log
build log and emerge --info

clsync is designed to set -D_FORTIFY_SOURCE according to user security preferences during configure stage. It is possible to disable -D_FORTIFY_SOURCE enforcement with --disable-paranoid configure option, but the price will be lower security level, because other security features will be disabled as well.

I think adding -D_FORTIFY_SOURCE=3 to --enable-paranoid=2 will be reasonable solution, though I don't want to remove -D_FORTIFY_SOURCE control from configure at all, since many OSes don't do this properly.

(In reply to Andrew Savchenko from comment #2)
> clsync is designed to set -D_FORTIFY_SOURCE according to user security
> preferences during configure stage. It is possible to disable
> -D_FORTIFY_SOURCE enforcement with --disable-paranoid configure option, but
> the price will be lower security level, because other security features will
> be disabled as well.

What other features? It's quite common for us to need to pass such things in Gentoo because they either override or lower protection compared to defaults.

> I think adding -D_FORTIFY_SOURCE=3 to --enable-paranoid=2 will be reasonable
> solution, though I don't want to remove -D_FORTIFY_SOURCE control from
> configure at all, since many OSes don't do this properly.

In Gentoo, we always have F_S=2 as a minimum, so it's fine to patch it locally.

(In reply to Sam James from comment #3)
> (In reply to Andrew Savchenko from comment #2)
> > clsync is designed to set -D_FORTIFY_SOURCE according to user security
> > preferences during configure stage. It is possible to disable
> > -D_FORTIFY_SOURCE enforcement with --disable-paranoid configure option, but
> > the price will be lower security level, because other security features will
> > be disabled as well.
>
> What other features? It's quite common for us to need to pass such things in
> Gentoo because they either override or lower protection compared to defaults.

    AS_IF(
      [test $paranoid -ge 1],
      [
        CPPFLAGS="${CPPFLAGS} -D_FORTIFY_SOURCE=2 -DPARANOID"
        CFLAGS="${CFLAGS} -fstack-protector-all -Wall --param ssp-buffer-size=4"
        LDFLAGS="${LDFLAGS} -Xlinker -zrelro"
        AX_CHECK_COMPILE_FLAG([-fstack-check], [CFLAGS="${CFLAGS} -fstack-check"])
      ]
    )
    AS_IF([test $paranoid -eq 2], [CPPFLAGS="${CPPFLAGS} -DVERYPARANOID"])

-DPARANOID and -DVERYPARANOID control various run-time sanity checks or other safety measures, within the code. At paranoid level 2 expensive checks are enabled in clsync which correlates well with -D_FORTIFY_SOURCE=3 as they are expensive as well compared to -D_FORTIFY_SOURCE=2 (e.g. run-time vs build-time).

> > I think adding -D_FORTIFY_SOURCE=3 to --enable-paranoid=2 will be reasonable
> > solution, though I don't want to remove -D_FORTIFY_SOURCE control from
> > configure at all, since many OSes don't do this properly.
>
> In Gentoo, we always have F_S=2 as a minimum, so it's fine to patch it
> locally.

As a default != as a minimum.

(In reply to Andrew Savchenko from comment #4)
> (In reply to Sam James from comment #3)
> > (In reply to Andrew Savchenko from comment #2)
> > > clsync is designed to set -D_FORTIFY_SOURCE according to user security
> > > preferences during configure stage. It is possible to disable
> > > -D_FORTIFY_SOURCE enforcement with --disable-paranoid configure option, but
> > > the price will be lower security level, because other security features will
> > > be disabled as well.
> >
> > What other features? It's quite common for us to need to pass such things in
> > Gentoo because they either override or lower protection compared to defaults.
>
>     AS_IF(
>       [test $paranoid -ge 1],
>       [
>         CPPFLAGS="${CPPFLAGS} -D_FORTIFY_SOURCE=2 -DPARANOID"
>         CFLAGS="${CFLAGS} -fstack-protector-all -Wall --param ssp-buffer-size=4"
>         LDFLAGS="${LDFLAGS} -Xlinker -zrelro"
>         AX_CHECK_COMPILE_FLAG([-fstack-check], [CFLAGS="${CFLAGS} -fstack-check"])
>       ]
>     )
>     AS_IF([test $paranoid -eq 2], [CPPFLAGS="${CPPFLAGS} -DVERYPARANOID"])
>
> -DPARANOID and -DVERYPARANOID control various run-time sanity checks or
> other safety measures, within the code. At paranoid level 2 expensive checks
> are enabled in clsync which correlates well with -D_FORTIFY_SOURCE=3 as they
> are expensive as well compared to -D_FORTIFY_SOURCE=2 (e.g. run-time vs
> build-time).

Sounds like you could just add -DPARANOID in the ebuild then. The rest of that is either default or a bad idea (-fstack-check is considered obsolete and we already set -fstack-clash-protection).

We already set an SSP buffer size of 4.

> > > I think adding -D_FORTIFY_SOURCE=3 to --enable-paranoid=2 will be reasonable
> > > solution, though I don't want to remove -D_FORTIFY_SOURCE control from
> > > configure at all, since many OSes don't do this properly.
> >
> > In Gentoo, we always have F_S=2 as a minimum, so it's fine to patch it
> > locally.
>
> As a default != as a minimum.

I don't know what your point is. If a user sets -U..., that's their own doing.

(In reply to Sam James from comment #5)
> Sounds like you could just add -DPARANOID in the ebuild then.

It is already enabled by default via USE="+hardened", but it sets -D_FORTIFY_SOURCE=2 which causes this bug.

> The rest of
> that
> is either default or a bad idea (-fstack-check is considered obsolete and we
> already set -fstack-clash-protection).
>
> We already set an SSP buffer size of 4.

I know, but configure.ac is made to be universal, not Gentoo-specific. Not everywhere SSP buffer is set that way as well as other options.

I probably need to add gcc feature test, because unconditionally using -D_FORTIFY_SOURCE=3 will break builds for users with older gcc.
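
One way a configure script can avoid the redefinition reported in this bug, as an added example that is not part of the thread or of clsync's configure.ac: read the compiler's predefined macros and append a flag only when _FORTIFY_SOURCE is absent or below the requested level. The function names and the macro dumps are constructed for illustration; in a real configure run the dump would come from `$CC $CPPFLAGS $CFLAGS -dM -E - </dev/null`.

```shell
#!/bin/sh
# Added example (not clsync's configure.ac): choose _FORTIFY_SOURCE flags
# without redefining a level the toolchain already sets.

# Read a predefined-macro dump on stdin; print the value of _FORTIFY_SOURCE,
# or "none" when the macro is not defined.
fortify_level() {
    awk '$1 == "#define" && $2 == "_FORTIFY_SOURCE" { v = $3; found = 1 }
         END { if (found) print v; else print "none" }'
}

# fortify_flags WANT: read a macro dump on stdin, print the CPPFLAGS addition.
#   macro absent          -> define it at WANT
#   level >= WANT         -> print nothing, keep the toolchain's setting
#   level <  WANT         -> undefine first so the macro is not redefined
#   non-numeric or empty  -> print nothing, leave the definition alone
fortify_flags() {
    want=$1
    have=$(fortify_level)
    case $have in
        none) echo "-D_FORTIFY_SOURCE=$want" ;;
        ''|*[!0-9]*) ;;
        *) if [ "$have" -lt "$want" ]; then
               echo "-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=$want"
           fi ;;
    esac
}

# Constructed macro dumps, not captured from a real toolchain.
DUMP_UNSET='#define __GNUC__ 12
#define __OPTIMIZE__ 1'
DUMP_LEVEL2='#define __GNUC__ 12
#define _FORTIFY_SOURCE 2
#define __OPTIMIZE__ 1'
DUMP_LEVEL3='#define __GNUC__ 13
#define _FORTIFY_SOURCE 3
#define __OPTIMIZE__ 1'

# Show the decision for each constructed toolchain and requested level.
for want in 2 3; do
    for name in UNSET LEVEL2 LEVEL3; do
        eval "dump=\$DUMP_$name"
        flags=$(printf '%s\n' "$dump" | fortify_flags "$want")
        echo "toolchain=$name want=$want add='${flags}'"
    done
done
```

This covers only the redefinition; whether the compiler supports level 3, the feature test mentioned in the last comment, is a separate check.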