(This is a report of a pre-10.0 article from internal list).
Hi folks,
The introduction of gcc 4 fortunately brings some enhancements in
regards to better checks for security problems.
One of them is lightweight buffer overflow checking at compile time
and at runtime.
Technical Details:
==================
If the preprocessor define -D_FORTIFY_SOURCE=x is specified
(x can currently be 1 or 2; level 2 is the stricter one) and optimization
is enabled (the checks require -O1 or higher), special checking versions of
"memcpy", "strcpy", "sprintf", "gets", and so on are declared by the
system headers and substituted for the plain calls, so that code like this:
char buf[10];
strcpy(buf,"Hello world!");
now generates warnings like:
xx.c:5: warning: call to __builtin___strcpy_chk will always overflow destination buffer
and runtime errors like:
./xx
*** buffer overflow detected ***
Those errors of course need to be fixed.
This checking method can only detect overflows if the destination buffer
size is known at compile time, e.g. a fixed-size array; a pointer to memory
of unknown size passed in from elsewhere cannot be checked.
The performance impact of this method is low.
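As an added illustration of the "size known at compile time" rule (this is example code written for this mail, not part of the original text or of the buildsystem): the fortified wrappers decide whether they can check a call with __builtin_object_size, which yields the buffer size for a local array and (size_t)-1 through an opaque pointer. The overflowing strcpy from above is shown next to a copy that carries its destination size explicitly, so it is checked even where FORTIFY cannot see the size. The file name in the build line and the "scratch" buffer are choices made for this example.

```c
/* Added example, not from the original mail: the compile-time object size
 * query that the FORTIFY_SOURCE wrappers rely on, next to an unbounded copy
 * that FORTIFY can catch and a bounded copy that does not need it.
 * Build: gcc -O2 -D_FORTIFY_SOURCE=2 -Wall fortify_demo.c -o fortify_demo
 * (file name and the scratch buffer below are this example's own choices). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* without this, strcpy is implicitly declared and not checked */

/* A fixed-size local array: the compiler knows its size, so a fortified
 * strcpy/memcpy into it is checked against 10. */
size_t size_of_local_array(void)
{
    char buf[10];
    return __builtin_object_size(buf, 0);   /* 10 */
}

static char scratch[32];   /* constructed sample destination */

/* Through an opaque pointer the size is unknown: the builtin yields
 * (size_t)-1 and the fortified wrapper falls back to an unchecked copy.
 * noinline keeps the caller's knowledge from leaking in when optimizing. */
__attribute__((noinline)) size_t size_through_pointer(char *p)
{
    return __builtin_object_size(p, 0);
}

size_t size_of_opaque_pointer(void)
{
    char *volatile p = scratch;      /* volatile: the compiler cannot track the pointee */
    return size_through_pointer(p);  /* (size_t)-1 */
}

/* Vulnerable form from the mail. With -O2 -D_FORTIFY_SOURCE=2 the call becomes
 * __strcpy_chk(buf, src, 10): a src longer than 9 characters aborts with
 * "*** buffer overflow detected ***" instead of silently smashing the stack.
 * A constant src that is too long is already reported at compile time. */
void copy_unbounded(const char *src)
{
    char buf[10];
    strcpy(buf, src);
    puts(buf);
}

/* Hardened form: the destination size travels with the pointer, so the
 * check works even where FORTIFY cannot see the size, and the caller gets
 * an error code instead of an abort. Returns 0 on success, -1 if src
 * (plus its terminator) would not fit; dst is left empty in that case. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (dstsize == 0)
        return -1;
    if (n >= dstsize) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void)
{
    char buf[10];

    printf("local array size seen by the compiler: %zu\n", size_of_local_array());
    printf("size seen through an opaque pointer:   %zu (unknown)\n",
           size_of_opaque_pointer());

    printf("copy_bounded short: %d\n", copy_bounded(buf, sizeof buf, "Hello"));
    printf("copy_bounded long:  %d\n", copy_bounded(buf, sizeof buf, "Hello world!"));

    copy_unbounded("Hello");           /* fits */
    /* copy_unbounded("Hello world!"); -> aborts under FORTIFY_SOURCE */
    return 0;
}
```

Compile it once with and once without -D_FORTIFY_SOURCE=2 -O2 and uncomment the last call to see the runtime abort; the two size functions return the same values either way, because they only report what the compiler can see.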
Current Status:
===============
Introduced with 10.0 snapshot 2, we are now using "-D_FORTIFY_SOURCE=2" as
the default in RPM_OPT_FLAGS.
We have fixed all problems we found in the buildsystem already.
Packager TODOs:
===============
However, this requires the following from you:
* Make sure that strcpy, memcpy and friends are not implicitly declared.
If you see this warning:
"implicit declaration of function `strcpy'"
the checking version is not used for that call, and such simple buffer
overflows will not be detected.
To fix such cases, include the standard header: