[DTrace-devel] [PATCH 2/2] libcommon: turn off FORTIFY_SOURCE more aggressively
Nick Alcock
nick.alcock at oracle.com
Thu Jan 16 21:33:32 UTC 2025
This is incompatible with dof_parser_t's use of trailing strings of
variable length, and buys us nothing anyway since we're running in a
seccomped parser child and any buffer overruns are harmless and cannot
result in anything other than a dying child. We were already -U'ing
FORTIFY_SOURCE in libcommon_CPPFLAGS, but that precedes CFLAGS on the
command line, so if the build system passes -D_FORTIFY_SOURCE there, it
still takes effect.
Use _NOCFLAGS and _NOCPPFLAGS to explicitly disable every level of
fortification that currently exists.
Signed-off-by: Nick Alcock <nick.alcock at oracle.com>
---
libcommon/Build | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libcommon/Build b/libcommon/Build
index fd54dc044f9af..00c0d46d125e4 100644
--- a/libcommon/Build
+++ b/libcommon/Build
@@ -10,4 +10,6 @@ libcommon_TARGET = libcommon
libcommon_DIR := $(current-dir)
libcommon_CPPFLAGS := -Ilibcommon -Ilibproc -U_FORTIFY_SOURCE
libcommon_SOURCES = dof_parser.c dof_parser_host.c dt_list.c
+libcommon_NOCFLAGS := -D_FORTIFY_SOURCE -D_FORTIFY_SOURCE=1 -D_FORTIFY_SOURCE=2 -D_FORTIFY_SOURCE=3
+libcommon_NOCPPFLAGS := -D_FORTIFY_SOURCE -D_FORTIFY_SOURCE=1 -D_FORTIFY_SOURCE=2 -D_FORTIFY_SOURCE=3
libcommon_LIBSOURCES = libcommon
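
Review bot: the two added lines apply to every file in libcommon_SOURCES (dof_parser.c, dof_parser_host.c and dt_list.c), but the commit message justifies dropping fortification only for code that runs in the seccomped parser child. Please confirm that everything built from this list either runs only in that child or does not need the checks. dof_parser_host.c in particular looks, from its name alone, like the host side of the parser. The reason also lives only in the commit message, so a short comment above libcommon_NOCFLAGS naming the dof_parser_t trailing-string layout would stop someone from later deleting these lines as redundant with the existing -U_FORTIFY_SOURCE. Finally, the list spells out four exact forms of the define, so a future level, or the same define reaching the compiler in another spelling, would need its own entry. It is worth stating that limit in the comment too.
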
--
2.47.1.279.g84c5f4e78e