From Fedora Project Wiki
Line 66: Line 66:
== Benefit to Fedora ==
== Benefit to Fedora ==


Improved security.
This change will harden Fedora to a significant extent, thus making it a more secure distribution out of the box.
 
<!-- What is the benefit to the platform?  If this is a major capability update, what has changed?  If this is a new functionality, what capabilities does it bring? Why will Fedora become a better distribution or project because of this proposal?-->


== Scope ==
== Scope ==

Revision as of 15:38, 5 December 2022


Add _FORTIFY_SOURCE=3 to distribution build flags

Summary

Replace the current _FORTIFY_SOURCE=2 with _FORTIFY_SOURCE=3 to improve mitigation of security issues arising from buffer overflows in packages in Fedora.

Owner

Current status

  • Targeted release: Fedora 38
  • Last updated: 2022-12-05
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

Default C and C++ compiler flags to build packages in Fedora currently includes -Wp,-D_FORTIFY_SOURCE=2, which enables fortification of some functions in glibc, thus providing some mitigation against buffer overflows. Since glibc 2.34 and GCC 12, there has been a new fortification level (_FORTIFY_SOURCE=3) which improves the coverage of this mitigation. Analysis of packages in Fedora rawhide indicate that the improvement of mitigation coverage is on average over 2.4x, in some cases protecting more than half of the fortified glibc calls in the target application.

The core change to bring in this mitigation is to change the default build flags in redhat-rpm-config so that packages build by default with -Wp,-D_FORTIFY_SOURCE=3.

Benefit to Fedora

This change will harden Fedora to a significant extent, thus making it a more secure distribution out of the box.

Scope

  • Proposal owners:

Build all packages and report failures.

  • Other developers:

Fix bugs filed for build failures.

  • Policies and guidelines: None
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

No ABI change, so there should be no impact on compatibility in a mixed environment.

How To Test

- fortify-metrics to get compiler level metrics of coverage improvement - Smoke testing of packages to ensure that they continue to work correctly. Some packages may have overflows exposed at runtime, which may need to be fixed.


User Experience

No noticeable change to users.

Dependencies

None.

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No
  • Blocks product? product

Documentation

TODO

Release Notes

Retrieved from "https://fedoraproject.org/w/index.php?title=Changes/Add_FORTIFY_SOURCE%3D3_to_distribution_build_flags&oldid=662148"