Bug 12369

Summary: CONFIG_FORTIFY_SOURCE is not enabled on armv6l
Product: IPFire Reporter: Peter Müller <peter.mueller>
Component: ---Assignee: Peter Müller <peter.mueller>
Status: CLOSED WONTFIX QA Contact:
Severity: Security    
Priority: Will only affect a few users CC: peter.mueller
Version: 2   
Hardware: unspecified   
OS: All   
Bug Depends on:    
Bug Blocks: 12361    

Description Peter Müller 2020-04-14 15:29:36 UTC 
Quote from https://capsule8.com/blog/kernel-configuration-glossary/:

> Significance: High
> 
> Detect overflows of buffers in common string and memory functions where the
> compiler can determine and validate the buffer sizes.

Not sure if we can enable this on armv5tel.
Comment 1 Peter Müller 2020-06-09 17:59:27 UTC 
aarch64:  https://patchwork.ipfire.org/patch/3180/
armv5tel: https://patchwork.ipfire.org/patch/3181/
Comment 2 Peter Müller 2022-04-06 17:26:37 UTC 
As of today:

$ grep CONFIG_FORTIFY_SOURCE *
kernel.config.aarch64-ipfire:CONFIG_FORTIFY_SOURCE=y
kernel.config.armv6l-ipfire:# CONFIG_FORTIFY_SOURCE is not set
kernel.config.riscv64-ipfire:CONFIG_FORTIFY_SOURCE=y
kernel.config.x86_64-ipfire:CONFIG_FORTIFY_SOURCE=y
Comment 3 Peter Müller 2022-10-06 08:32:57 UTC 
Given the deprecation of 32-bit ARM, I consider this as WONTFIX.

https://blog.ipfire.org/post/ipfire-2-27-core-update-171-is-available-for-testing