Subject: Re: CVS commit: src
To: Elad Efrat <e@murder.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: source-changes
Date: 05/31/2007 16:30:44
On Fri, Jun 01, 2007 at 08:16:44PM +0300, Elad Efrat wrote:
> YAMAMOTO Takashi wrote:
> 
> >>Adjust the system build so that all programs and libraries that are 
> >>setuid,
> >>directly handle network data (including serial comm data), perform
> >>authentication, or appear likely to have (or have a history of having)
> >>data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
> >>with the exception of libc, which cannot use USE_FORT and thus uses
> >>only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
> >>per-directory or in a system build will disable if desired.
> >
> >where was it proposed?
> 
> "what he said." :)

My understanding is that it was intended to move as much of the system
as possible to building with FORTIFY_SOURCE when we initially imported/
enabled SSP, and that Christos had said as much.

> also, where is the consensus of the class of programs to protect with
> USE_FORT taken from? and what's the reason for it?

It takes a considerable amount of time to get large sets of source files
building cleanly with FORTIFY_SOURCE because one finds various failures
to conform to the C standard (non-tolerance of standard functions implemented
as macros in header files) and some genuine and sometimes rather complex
bugs (e.g. the struct ifreq problem).  My intent was to get as much value
for the initial investment of time as possible.

Thor
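What a USE_FORT build actually adds around memcpy(), as an added example that is not part of this thread and not NetBSD or glibc code. A fortified header turns memcpy(d, s, n) into a checked variant that also receives __builtin_object_size(d, 0), the compiler's proof of how many bytes remain in the destination object; the example below hand-rolls that check so it returns a status instead of aborting and so the overflowing copy is refused rather than performed. The CHECKED_MEMCPY macro, the checked_memcpy helper, the sample bytes and the struct layouts are all constructed for the example; in particular `struct request` is only a stand-in in the shape of the class of bug Thor calls "the struct ifreq problem" (a fixed-size address slot at the end of a request structure receiving a longer sockaddr) and is not a claim about what the NetBSD bug looked like.

```c
/* Added example: a hand-rolled version of the destination-size check that
 * FORTIFY_SOURCE / USE_FORT builds wrap around memcpy(). Not NetBSD code.
 * Real fortified headers rewrite memcpy(d, s, n) into roughly
 *     __builtin___memcpy_chk(d, s, n, __builtin_object_size(d, 0))
 * and abort when the check fails; here the check returns a status instead
 * and skips the copy, so the cases can be exercised from a test. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* What the compiler hands to the runtime check: the number of bytes left in
 * the destination object when it can prove it, or (size_t)-1 when it cannot.
 * Type 0 = distance to the end of the whole enclosing object, which is the
 * mode the memcpy family is checked with. */
#define CHECKED_MEMCPY(dst, src, n) \
    checked_memcpy((dst), (src), (n), __builtin_object_size((dst), 0))

/* Returns 0 on success, -1 where a fortified libc would call __chk_fail().
 * An unknown size ((size_t)-1) makes the comparison always pass, i.e. the
 * call degrades to a plain memcpy(). */
static int checked_memcpy(void *dst, const void *src, size_t n, size_t dst_size)
{
    if (n > dst_size)
        return -1;
    memcpy(dst, src, n);
    return 0;
}

/* Constructed source data; 64 bytes so every copy below has enough to read. */
static const unsigned char sample_src[64] = "constructed sample bytes";

/* Case 1: fixed-size stack buffer. sizeof buf is known at the call site, so
 * n <= 16 copies and n > 16 is refused before anything is written. */
int copy_into_stack_buffer(size_t n)
{
    unsigned char buf[16];
    return CHECKED_MEMCPY(buf, sample_src, n);
}

/* Case 2: constructed stand-in for the ifreq class of bug: a 16-byte name
 * followed by a 16-byte address slot, receiving a 28-byte address. Layout is
 * invented for this example; it is not NetBSD's struct ifreq. */
struct sockaddr16 {             /* stands in for a 16-byte struct sockaddr */
    uint8_t len, family;
    unsigned char data[14];
};
struct sockaddr28 {             /* stands in for a 28-byte sockaddr_in6 */
    uint8_t len, family;
    unsigned char data[26];
};
struct request {
    char name[16];
    union {
        struct sockaddr16 addr;
        unsigned char raw[16];
    } u;
};

/* 28 bytes into the 16-byte slot at the end of 'r' would run past the struct;
 * only 16 bytes remain to the end of the object, so the check refuses it. */
int copy_sockaddr28_into_request(void)
{
    struct request r;
    struct sockaddr28 sa = { sizeof sa, 24, {0} };
    memset(&r, 0, sizeof r);
    return CHECKED_MEMCPY(&r.u.addr, &sa, sa.len);
}

/* The same copy with a 16-byte address fits and succeeds. */
int copy_sockaddr16_into_request(void)
{
    struct request r;
    struct sockaddr16 sa = { sizeof sa, 2, {0} };
    memset(&r, 0, sizeof r);
    return CHECKED_MEMCPY(&r.u.addr, &sa, sa.len);
}

/* Case 3: the limit of the technique. A pointer whose origin the compiler
 * cannot see (forced here with a volatile indirection) has unknown object
 * size, so a fortified memcpy() through it is not checked at all. */
int destination_size_is_known_through_opaque_pointer(void)
{
    unsigned char buf[16];
    unsigned char *volatile p = buf;
    return __builtin_object_size(p, 0) != (size_t)-1;   /* 0 = unknown */
}

int main(void)
{
    printf("stack buffer, 16 bytes:   %d\n", copy_into_stack_buffer(16));
    printf("stack buffer, 32 bytes:   %d\n", copy_into_stack_buffer(32));
    printf("sockaddr16 into request:  %d\n", copy_sockaddr16_into_request());
    printf("sockaddr28 into request:  %d\n", copy_sockaddr28_into_request());
    printf("size known via volatile:  %d\n",
           destination_size_is_known_through_opaque_pointer());
    return 0;
}
```

Two points follow from the shape of this check. First, the size argument has to be computed at the call site, which is why fortified headers replace the standard function names with macros or inline wrappers, and why source that declares its own prototypes for those functions or otherwise assumes they are plain identifiers stops building; that is the "standard functions implemented as macros" class of breakage. Second, the check only fires where the compiler can see the destination object, so a pointer that arrives through an opaque path (case 3) is copied through unchecked; USE_FORT raises the bar on the programs it is enabled for but does not replace fixing the underlying bugs.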