On Tue, Dec 6, 2022 at 4:05 AM Richard W.M. Jones <rjo...@redhat.com> wrote:
>
> On Tue, Dec 06, 2022 at 01:35:04AM +0100, Jaroslav Prokop wrote:
> > On 12/5/22 20:58, Ben Cotton wrote:
> >
> >     The core change to bring in this mitigation is to change the default
> >     build flags in `redhat-rpm-config` so that packages build by default
> >     with `-Wp,-D_FORTIFY_SOURCE=3`. There are packages (e.g. `systemd`)
> >     that do not interact well with `_FORTIFY_SOURCE` and will also need a
> >     workaround to downgrade fortification to level 2. The change will also
> >     include this override.
> >
> > How come systemd gets an exception? If it is a security option, it should be
> > enabled everywhere.
>
> I don't believe the proposal is that everyone *has* to use this (or at
> least, I hope not).  Even existing _FORTIFY_SOURCE=2 is optional.  I'd
> like to know what the problems are that affect systemd however.

Yes, I intend it to be the same as _FORTIFY_SOURCE=2.  In fact, I'm
thinking of a %fortify_level macro override that allows packages to
override this without fiddling directly with cflags.

Thanks,
Sid
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
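
An added example, not part of the thread or of `redhat-rpm-config`: a shell function that reports which `_FORTIFY_SOURCE` level a compiler flag string leaves in effect, for checking whether a package build keeps the default or downgrades it. The sample flag strings are constructed, and the `-U`/`-D` downgrade sequence is an assumption about how a package might override the default.

```shell
#!/bin/sh
# Added example: which _FORTIFY_SOURCE level does a flag string leave in effect?
# GCC processes -D and -U in command-line order, so the last one wins.
# Not handled: the two-word form "-D _FORTIFY_SOURCE=3".

# Update $level from a single preprocessor option.
_apply_opt() {
    case $1 in
        -D_FORTIFY_SOURCE=*) level=${1#-D_FORTIFY_SOURCE=} ;;
        -D_FORTIFY_SOURCE)   level=1 ;;       # -DNAME defines NAME as 1
        -U_FORTIFY_SOURCE)   level=unset ;;
    esac
}

# Print the effective level ("unset" if the macro is never defined).
# The body runs in a subshell so IFS and set -f do not leak to the caller.
effective_fortify_level() (
    set -f                          # flag text must not be glob-expanded
    level=unset
    for arg in $1; do               # split the flag string on whitespace
        case $arg in
            -Wp,*)
                # -Wp,a,b hands a and b to the preprocessor separately
                IFS=,
                for opt in ${arg#-Wp,}; do _apply_opt "$opt"; done
                unset IFS
                ;;
            *)  _apply_opt "$arg" ;;
        esac
    done
    printf '%s\n' "$level"
)

# Constructed sample flag strings (not taken from any real package build).
default_flags='-O2 -flto=auto -Wp,-D_FORTIFY_SOURCE=3 -fstack-protector-strong'
# Assumed downgrade: a package appends an undefine and a level-2 define.
downgraded_flags="$default_flags -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=2"

for flags in "$default_flags" "$downgraded_flags" '-O2 -g'; do
    printf '%-6s %s\n' "$(effective_fortify_level "$flags")" "$flags"
done
```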