Re: F38 proposal: Add _FORTIFY_SOURCE=3 to distribution build flags (System-Wide Change proposal)

Vitaly Zaitsev via devel Wed, 07 Dec 2022 00:04:00 -0800

On 06/12/2022 23:20, Michael Catanzaro via devel wrote:

Even if extra bounds checking makes code 10% slower, which seems very unlikely, 
the benefit of the extra hardening would still be worth it. _FORTIFY_SOURCE=3 
is going to make it harder to hack Fedora users, converting code execution 
vulnerabilities into denial of service vulnerabilities.


No, it doesn't. 3% maximum is acceptable in this case.

Me and all my friends use mitigations=off. A huge performance penaltyfor the sake of potential vulnerabilities that still need to be able toexploit.


--
Sincerely,
  Vitaly Zaitsev (vit...@easycoding.org)
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F38 proposal: Add _FORTIFY_SOURCE=3 to distribution build flags (System-Wide Change proposal)

Reply via email to