On 07.07.26 11:59, Hans Buschmann wrote:
Some days ago I stumbled over the following Phoronix article with a
proposal for Fedora 45:
Fedora 45 Considering x86_64 Shadow Stack Usage By Default <https://
www.phoronix.com/news/Fedora-45-Consider-Shadow-Stack>
I exemplary checked both the Fedora provided packages and the PGDG
provided packages of pg18 that they are build with Schadow Stack
(SHSTK) and Indirect Branch Tracking (IBT) activated which is true.
It may sometimes be necessary that a quick fix of an apparent bug
encourages the user to recomple the specific component of postgres. The
different compile options result in that the operating system provided
protection can not be guaranteed.
I have discovered this case on x86_64 pg18 on linux built with meson but
I don't know if other architectures have similar mitigations enabled in
the distributed binaries.
As I am not an experienced C-Programmer, there may be other compile
options for other vulnerabilities.
I propose to activate all compiler options as default that are used in
the binary releases of postgres, preferrably in both built systems
(autoconfigure and meson)
Please consider different operating systems (red hat, debian etc), all
supported pg versions, different architectures, different compilers,
different built systems etc.
I don't think this would be a good direction. Distributions are in many
cases better placed to decide when and how to activate certain
protections. The case you point out here is a good example. The
-fcf-protection option was already activated in Fedora 28, but it is
only now that they are considering switching over the base layers of the
OS to activate this facility. It would be unreasonable to expect
PostgreSQL and any other open-source project to track this and sync up
with this. Consider this to see the amount of information that would
need to be tracked and implemented:
https://github.com/jvoisin/compiler-flags-distro