GCC-4.1
Greg Schafer
diy-linux-dev@diy-linux.org
Thu, 26 Jan 2006 09:41:33 +1100
On Mon, Jan 23, 2006 at 04:37:23PM +1100, Greg Schafer wrote:
> I'm still yet to get my head around some of the new features that will
> become available ie: -fstack-protector, __builtin_object_size (ie:
> _FORTIFY_SOURCE) etc.. but I suspect we'll need Glibc-2.4.x to realize the
> full potential anyway.
Just a small followup to above. I've been grovelling thru' Fedora's Rawhide
trying to figure out how to enable all the "cool stuff". Essentially, the
Fedora RPM based build system grabs its default flags from a package called
"redhat-rpm-config". You can download and unpack the src.rpm to see for
yourself.
The whole FC5 distro will be pretty much compiled with:
-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=pentium4
-fasynchronous-unwind-tables
There are of course exceptions and overrides in various individual spec
files but the above flags represent the general idea.
Therefore, ISTM that special action will be necessary to take advantage of
the new security features that GCC-4.1 brings to the table ie:
-fstack-protector and -D_FORTIFY_SOURCE. Just to clarify, -D_FORTIFY_SOURCE
is a Glibc'ism but it relies on __builtin_object_size which is provided by
GCC-4.1. Note also that Glibc-2.3.x already has minimal support for
-D_FORTIFY_SOURCE but Glibc-2.4.x has much expanded coverage.
Regards
Greg
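
Added example, not part of the original message and not glibc's or Fedora's code: it shows the mechanism the message refers to, a copy that is refused when GCC's __builtin_object_size reports a destination smaller than the requested length. The struct, SRC, checked_copy and COPY are hypothetical names; modes 0 and 1 are both shown because they report different sizes for a struct member.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: an 8-byte field followed by a neighbour. */
struct rec { char name[8]; char tail[8]; };
static const char SRC[16] = "0123456789abcde";

/* Hypothetical checked copy (not glibc's code): dstsize is the compiler's
 * answer for the destination, or (size_t)-1 when it could not tell. */
static int checked_copy(void *dst, size_t dstsize, const void *src, size_t n)
{
    if (dstsize != (size_t)-1 && n > dstsize)
        return -1;                 /* would overflow: refuse the copy */
    memcpy(dst, src, n);
    return 0;
}

/* A macro, so __builtin_object_size sees the caller's destination object.
 * mode 0 = to the end of the enclosing object, mode 1 = closest sub-object. */
#define COPY(dst, n, mode) \
    checked_copy((dst), __builtin_object_size((dst), (mode)), SRC, (n))

size_t field_size_mode0(void) { struct rec r; return __builtin_object_size(r.name, 0); }
size_t field_size_mode1(void) { struct rec r; return __builtin_object_size(r.name, 1); }

int array_copy(size_t n)       { char buf[8];  return COPY(buf, n, 0); }
int field_copy_mode0(size_t n) { struct rec r; return COPY(r.name, n, 0); }
int field_copy_mode1(size_t n) { struct rec r; return COPY(r.name, n, 1); }

/* Through a plain pointer parameter the size is unknown, so no check runs. */
__attribute__((noinline)) size_t pointer_size(char *p)
{
    return __builtin_object_size(p, 0);
}

int main(void)
{
    printf("name: mode0=%zu mode1=%zu\n", field_size_mode0(), field_size_mode1());
    printf("array_copy(8)=%d array_copy(12)=%d\n", array_copy(8), array_copy(12));
    printf("field mode0(12)=%d mode1(12)=%d\n",
           field_copy_mode0(12), field_copy_mode1(12));
    return 0;
}
```

With mode 0 a 12-byte copy into the 8-byte field passes the check and spills into the neighbouring member; mode 1 catches it.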