[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

gnucobol-3.1-rc1 and -U_FORTIFY_SOURCE

From: Jeffrey Walton
Subject: gnucobol-3.1-rc1 and -U_FORTIFY_SOURCE
Date: Sun, 12 Jul 2020 09:25:34 -0400

Hi Everyone,

This caught my eye:

/bin/sh ../libtool  --tag=CC   --mode=compile gcc -std=gnu99
-DHAVE_CONFIG_H -I. -I.. <...> -U_FORTIFY_SOURCE -MT common.lo -MD -MP
-MF .deps/common.Tpo -c -o common.lo common.c

Disabling _FORTIFY_SOURCE will cause GNU Cobol to fail audits and
acceptance testing. For example, checksec
(https://github.com/slimm609/checksec.sh) will generate findings on
the output artifacts.

It also begs the question  "why?" As far as I know, the option should
only be needed when buffer overflows are OK. We typically see
-U_FORTIFY_SOURCE when someone is experimenting with stack based
overflows in pentesting courses.

If you really need -U_FORTIFY_SOURCE, then you might consider adding a
discussion in README or NOTES file explaining why.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]