Toolchain upgrades

Robert Connolly robert at linuxfromscratch.org
Mon Jun 26 21:10:54 PDT 2006


I've had trouble finding documentation for -D_FORTIFY_SOURCE... its not in the 
gcc man page. But I did find this:
http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html

which gives a pretty good description. -D_FORTIFY_SOURCE=2 is by-far the most 
popular choice. -D_FORTIFY_SOURCE=3 looks like a debugging feature, and 
-D_FORTIFY_SOURCE=4 looks like a way to disable FORTIFY_SOURCE while still 
defining it. -D_FORTIFY_SOURCE=1 I'm not so clear on.

As an effort at code auditing, I'd like to strive to use "-Wall -Werror" too. 
This will require patching to most packages to get their code up to date with 
gcc-4.1. "-Wformat=2 -Werror" (this includes -Wformat -Wformat-nonliteral 
-Wformat-security -Wformat-y2k) is another idea too. For those of us who 
don't know what vulnerable code looks like, using these options could help.

After looking at the clfs book, and testing, it looks like we can drop the 
installation of libc-headers from chapter 5. The adjusting toolchain in 
chapter 5 can probably go too, only the test needs to be done and that can be 
done in the libc page.

robert



More information about the hlfs-dev mailing list