Open disconnect3d opened 1 year ago
This commit fixes the mistake in the _FORTIFY_SOURCE macro where it was not prefixed with underscore while it has to be (see e.g. https://github.com/search?q=repo%3Abminor%2Fglibc%20FORTIFY_SOURCE&type=code).
_FORTIFY_SOURCE
Additionally, to make this macro add extra security, one has to enable optimizations. I am not sure if the configure enables them, but it is worth double checking that as well.
Overall, I would recommend using -D_FORTIFY_SOURCE=3 with -O2 or -O3. (The fortify source level 3 was added recently and you can read more about it here: https://developers.redhat.com/blog/2021/04/16/broadening-compiler-checks-for-buffer-overflows-in-_fortify_source).
-D_FORTIFY_SOURCE=3
-O2
-O3
You can also see the result of the correct vs incorrect macro along with optimizations and no optimizations on this screenshot (source):
PS: Also note that some other makefiles in this repository sets this macro properly (to a value of 2, but still).
This commit fixes the mistake in the
_FORTIFY_SOURCE
macro where it was not prefixed with underscore while it has to be (see e.g. https://github.com/search?q=repo%3Abminor%2Fglibc%20FORTIFY_SOURCE&type=code).Additionally, to make this macro add extra security, one has to enable optimizations. I am not sure if the configure enables them, but it is worth double checking that as well.
Overall, I would recommend using
-D_FORTIFY_SOURCE=3
with-O2
or-O3
. (The fortify source level 3 was added recently and you can read more about it here: https://developers.redhat.com/blog/2021/04/16/broadening-compiler-checks-for-buffer-overflows-in-_fortify_source).You can also see the result of the correct vs incorrect macro along with optimizations and no optimizations on this screenshot (source):
PS: Also note that some other makefiles in this repository sets this macro properly (to a value of 2, but still).