12369 – CONFIG_FORTIFY_SOURCE is not enabled on armv6l

Bug 12369 - CONFIG_FORTIFY_SOURCE is not enabled on armv6l

Summary: CONFIG_FORTIFY_SOURCE is not enabled on armv6l

Status:	CLOSED WONTFIX

Alias:	None

Product:	IPFire
Classification:	Unclassified
Component:	--- (show other bugs)
Version:	2
Hardware:	unspecified All

Importance:	Will only affect a few users Security
Assignee:	Peter Müller
QA Contact:

URL:
Keywords:

Depends on:
Blocks:	KERNSEC
	Show dependency tree / graph

Reported:	2020-04-14 15:29 UTC by Peter Müller
Modified:	2022-10-06 08:32 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Peter Müller 2020-04-14 15:29:36 UTC

Quote from https://capsule8.com/blog/kernel-configuration-glossary/:

> Significance: High
> 
> Detect overflows of buffers in common string and memory functions where the
> compiler can determine and validate the buffer sizes.

Not sure if we can enable this on armv5tel.

Comment 1 Peter Müller 2020-06-09 17:59:27 UTC

aarch64:  https://patchwork.ipfire.org/patch/3180/
armv5tel: https://patchwork.ipfire.org/patch/3181/

Comment 2 Peter MÃ¼ller 2022-04-06 17:26:37 UTC

As of today:

$ grep CONFIG_FORTIFY_SOURCE *
kernel.config.aarch64-ipfire:CONFIG_FORTIFY_SOURCE=y
kernel.config.armv6l-ipfire:# CONFIG_FORTIFY_SOURCE is not set
kernel.config.riscv64-ipfire:CONFIG_FORTIFY_SOURCE=y
kernel.config.x86_64-ipfire:CONFIG_FORTIFY_SOURCE=y

Comment 3 Peter MÃ¼ller 2022-10-06 08:32:57 UTC

Given the deprecation of 32-bit ARM, I consider this as WONTFIX.

https://blog.ipfire.org/post/ipfire-2-27-core-update-171-is-available-for-testing