Subject: Re: CVS commit: src
To: Elad Efrat <e@murder.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: source-changes
Date: 05/31/2007 17:07:21
On Fri, Jun 01, 2007 at 11:52:57PM +0300, Elad Efrat wrote:
> Thor Lancelot Simon wrote:
>
> >>also, where is the consensus of the class of programs to protect with
> >>USE_FORT taken from? and what's the reason for it?
> >
> >It takes a considerable amount of time to get large sets of source files
> >building cleanly with FORTIFY_SOURCE because one finds various failures
> >to conform to the C standard (non-tolerance of standard functions
> >implemented
> >as macros in header files) and some genuine and sometimes rather complex
> >bugs (e.g. the struct ifreq problem). My intent was to get as much value
> >for the initial investment of time as possible.
>
> in other words, it is planned to, as time goes by, make more parts of
> the system build with USE_FORT, correct?
RedHat builds "all core system packages" this way. I think it's a good
idea, though I want to do some benchmarking to see if we need to provide
alternate binaries of certain libraries for people doing, e.g. numerical
computing on private networks.
--
Thor Lancelot Simon tls@rek.tjls.com
"All of my opinions are consistent, but I cannot present them all
at once." -Jean-Jacques Rousseau, On The Social Contract