Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: _FORTIFY_SOURCE=2

From: David Fifield <david () bamsoftware com>
Date: Sat, 14 Feb 2009 09:19:37 -0700
On Thu, Jan 22, 2009 at 02:38:42PM -0700, David Fifield wrote:

On Sun, Jan 04, 2009 at 07:49:18PM -0800, Fyodor wrote:

On Sat, Jan 03, 2009 at 10:39:49AM +0000, doug () hcsw org wrote:

For anyone not familiar with this error message, it is from a fairly
recent addition to gcc called _FORTIFY_SOURCE. Kris observed this
error because Ubuntu enables _FORTIFY_SOURCE=2 by default on all
gcc compiles, unlike many other linux distros.


Sounds like a great feature!  Anyone want to make a patch so that Nmap
always uses this when available?  It would be good for security, and
may help us identify bugs which might otherwise go unnoticed (as we
saw in this case).  Ideally it would cover PCRE and OpenSSL too.


I defined _FORTIFY_SOURCE=2 in nmap, nbase, ncat, and nsock. A few tests
scans didn't show anything obviously failing. I think I'll be able to
test speed in an upcoming nmap-perf benchmark.


I didn't have any new nmap-perf benchmarks but I ran one just for
_FORTIFY_SOURCE.

http://www.bamsoftware.com/wiki/Nmap/PerformanceNotes#bench-fortify

It didn't affect performance on the one computer I tried it on.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: