On Fri, Jun 01, 2007 at 11:52:57PM +0300, Elad Efrat wrote:
> Thor Lancelot Simon wrote:
> 
> >>also, where is the consensus of the class of programs to protect with
> >>USE_FORT taken from? and what's the reason for it?
> >
> >It takes a considerable amount of time to get large sets of source files
> >building cleanly with FORTIFY_SOURCE because one finds various failures
> >to conform to the C standard (non-tolerance of standard functions 
> >implemented
> >as macros in header files) and some genuine and sometimes rather complex
> >bugs (e.g. the struct ifreq problem).  My intent was to get as much value
> >for the initial investment of time as possible.
> 
> in other words, it is planned to, as time goes by, make more parts of
> the system build with USE_FORT, correct?

RedHat builds "all core system packages" this way.  I think it's a good
idea, though I want to do some benchmarking to see if we need to provide
alternate binaries of certain libraries for people doing, e.g. numerical
computing on private networks.

-- 
Thor Lancelot Simon	                               tls@rek.tjls.com
  "All of my opinions are consistent, but I cannot present them all
   at once."	-Jean-Jacques Rousseau, On The Social Contract