This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH BZ#20422] Do not allow asan/msan/tsan and fortify at the same time.

From: Jakub Jelinek <jakub at redhat dot com>
To: Andrew Pinski <pinskia at gmail dot com>
Cc: Kostya Serebryany <kcc at google dot com>, Yuri Gribov <tetra2005 at gmail dot com>, Florian Weimer <fw at deneb dot enyo dot de>, Maxim Ostapenko <m dot ostapenko at samsung dot com>, GNU C Library <libc-alpha at sourceware dot org>
Date: Sat, 1 Oct 2016 23:50:14 +0200
Subject: Re: [PATCH BZ#20422] Do not allow asan/msan/tsan and fortify at the same time.
Authentication-results: sourceware.org; auth=none
References: <8d2403c8-466d-8f1a-e563-8b729deef9ce@redhat.com> <CAJOtW+5r0NQOHh1MKGSoCVyDto7LtJE7d3-oqJy-Yei6AECb8g@mail.gmail.com> <87lgyb9lhf.fsf@mid.deneb.enyo.de> <CAJOtW+7xjtx=DxEOSnaPfpU708RdUJYLRX8prv0bFW=x47+tmA@mail.gmail.com> <20160929100429.GQ7282@tucnak.redhat.com> <CAJOtW+5gnekVLcnUCrHWjYL1agspyZ-v_kOgEp8kyCrviGADJw@mail.gmail.com> <20160929104408.GR7282@tucnak.redhat.com> <CA+=Sn1mj83AL=XKinTbJDwOEEVReVFWTsbprKuVVMbsu=OdA7w@mail.gmail.com> <CAN=P9pjzpygMJKjUDtkKxRn4+4BDG_wJ3qbQhehSJa5UenV6gA@mail.gmail.com> <CA+=Sn1kG1tv2RjtMSAQJ_LOr1RV=_o7eQoPaUm1DALewv1p4kQ@mail.gmail.com>
Reply-to: Jakub Jelinek <jakub at redhat dot com>

On Sat, Oct 01, 2016 at 02:38:24PM -0700, Andrew Pinski wrote:
> On Thu, Sep 29, 2016 at 2:23 PM, Kostya Serebryany <kcc@google.com> wrote:
> > 80 interceptors to support *san and fortification is 80 too many, IMHO.
> > The fact that other pre-compiled libraries use fortify by default is very sad.
> > I think this is a clear case of misuse of fortify because now users of
> > the library can't opt out.
> 
> Why do you think this is very sad?  This is not a misuse of fortify
> but rather santizers not adapting to the changing environments and
> handling how people are treating security issues now.  Remember 10
> years ago there was no such thing as fortification and security was

Well, -D_FORTIFY_SOURCE=2 has been used heavily already 10 years ago.
But I certainly don't find anything sad on the fact that many programs
are fortified, it is a good thing.

> not treated as a first class citizen.  Now Security is treated as a
> first class and people are requiring security before anything else.

	Jakub

References:
- Re: [PATCH BZ#20422] Do not allow asan/msan/tsan and fortify at the same time.
  - From: Andrew Pinski

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]