(This is a repost of a pre-10.0 article from an internal list.)

Hi folks,

The introduction of gcc 4 fortunately brings some enhancements in the form of better checks for security problems. One of them is lightweight buffer overflow checking at compile time and at runtime.

Technical Details:
==================

If the C compiler define -D_FORTIFY_SOURCE=x is specified (x can currently be 1 or 2), special versions of "memcpy", "strcpy", "sprintf", "gets", and so on are defined and compiled differently, so that code like this:

    char buf[10];
    strcpy(buf,"Hello world!");

now generates warnings like:

    xx.c:5: warning: call to __builtin___strcpy_chk will always overflow destination buffer

and runtime errors like:

    ./xx
    *** buffer overflow detected ***

Those errors of course need to be fixed.

This checking method can only detect overflows if the destination buffer size is known at compile time.

The performance impact of this method is low.

Current Status:
===============

Since 10.0 snapshot 2 we have been using "-D_FORTIFY_SOURCE=2" as the default in RPM_OPT_FLAGS.

We have already fixed all problems we found in the buildsystem.

Packager TODOs:
===============

However, this requires the following from you:

* Make sure that strcpy, memcpy and friends are not implicitly declared. If you see this warning:

      "implicit declaration of function 'strcpy'"

  the check will not detect those simple buffer overflows. To fix such cases, include the standard header <string.h> (for *printf warnings, <stdio.h>).

* Make sure your package uses RPM_OPT_FLAGS for compiling C and C++ code. There are still a number of packages that do not do this.

  I have run a heuristic (grep ;) over all our autobuild logfiles to find such offenders. The logfile separated by maintainer is in:

      <internalpath>

  The full warnings logfile is at:

      <internalpath>

  NOTE! There might be reasons you can't use RPM_OPT_FLAGS, or only matches for package-internal build tools were found. These are cases where the heuristic failed.

This is no official endorsement of RPM_OPT_FLAGS (yet).

Ciao, Marcus
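The limitation stated in the mail (an overflow is only caught when the destination buffer size is known at compile time) can be seen in the following added example, which is not part of the original mail and is not glibc's code. It models the size check with GCC's real `__builtin_object_size`; `copy_checked`, `FORTIFIED_STRCPY` and the `demo_*` functions are hypothetical names, and the overflow case returns an error code where the real runtime aborts.

```c
/* Added example: models the _FORTIFY_SOURCE size check. All names are hypothetical. */
#include <stdio.h>
#include <string.h>

#define SIZE_UNKNOWN ((size_t)-1)  /* __builtin_object_size result when it cannot tell */
enum { COPY_OVERFLOW = -1, COPY_CHECKED = 0, COPY_UNCHECKED = 1 };

/* Stand-in for the runtime checker: it only sees the size the compiler passed in. */
static int copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t need = strlen(src) + 1;              /* bytes including the NUL */
    if (dst_size != SIZE_UNKNOWN && need > dst_size)
        return COPY_OVERFLOW;                   /* the real runtime aborts here */
    memcpy(dst, src, need);
    return dst_size == SIZE_UNKNOWN ? COPY_UNCHECKED : COPY_CHECKED;
}

/* Expanded at the call site, so the size is evaluated for that exact destination. */
#define FORTIFIED_STRCPY(d, s) copy_checked((d), __builtin_object_size((d), 0), (s))

int demo_array_overflow(void)
{
    char buf[10];
    return FORTIFIED_STRCPY(buf, "Hello world!");   /* 13 bytes into 10: caught */
}

int demo_array_fits(void)
{
    char buf[10];
    return FORTIFIED_STRCPY(buf, "Hello");          /* 6 bytes into 10: checked, ok */
}

/* Behind a function boundary the destination is a bare pointer: size unknown. */
__attribute__((noinline)) static int copy_via_pointer(char *dst, const char *src)
{
    return FORTIFIED_STRCPY(dst, src);
}

int demo_pointer_unchecked(void)
{
    char big[32];                                   /* large enough: no real overflow */
    return copy_via_pointer(big, "Hello world!");   /* copied, but nothing was checked */
}

int main(void)
{
    printf("array/too long=%d array/fits=%d pointer=%d\n",
           demo_array_overflow(), demo_array_fits(), demo_pointer_unchecked());
    return 0;
}
```

The third case is the one to keep in mind when reviewing packages: the copy goes through without any check, so a clean build with -D_FORTIFY_SOURCE=2 does not show that such call sites are safe.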