
Re: Seeking hardening flag / blhc expert




So apparently the 'D_FORTIFY_SOURCE=2' is in CPPFLAGS (not read by
cmake) but not in CXXFLAGS (read by cmake)[1].

So maybe I should define?
CXXFLAGS=$(CXXFLAGS) $(CPPFLAGS)

This is the current state of mysqld, should I be happy with this or is
it relevant that all functions are protected?

hardening-check --verbose --color  mysqld
mysqld:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
unprotected: strcpy
unprotected: strcat
unprotected: recv
unprotected: snprintf
unprotected: getcwd
unprotected: readlink
unprotected: memset
unprotected: poll
unprotected: fread
unprotected: fgets
unprotected: strncpy
unprotected: sprintf
unprotected: stpcpy
unprotected: strncat
unprotected: memcpy
unprotected: read
unprotected: confstr
unprotected: pread64
unprotected: memmove
unprotected: gethostname
protected: strcpy
protected: snprintf
protected: vfprintf
protected: memset
protected: poll
protected: vasprintf
protected: fread
protected: strncpy
protected: sprintf
protected: vsprintf
protected: memcpy
protected: fdelt
protected: realpath
protected: pread64
protected: vsnprintf
protected: fprintf
protected: memmove
protected: printf
 Read-only relocations: yes
 Immediate binding: yes



[1] https://cmake.org/Bug/view.php?id=12928
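
Added example, not part of the original message: a shell helper that sorts the per-function lines of a `hardening-check --verbose` report into functions seen only unfortified, only fortified, or both. The names `classify_fortify`, `sample_report` and `never_fortified` are made up for this example, and the embedded report is an excerpt of the output quoted above.

```shell
#!/bin/sh
# Added example: classify per-function lines of `hardening-check --verbose`.
# Reads a report on stdin and prints "<class> <function>" lines, where
#   never  = only unfortified call sites were found
#   mixed  = fortified and unfortified call sites were both found
#   always = only fortified call sites were found
classify_fortify() {
    awk '
        $1 == "unprotected:" { seen[$2] = 1; unprot[$2] = 1 }
        $1 == "protected:"   { seen[$2] = 1; prot[$2] = 1 }
        END {
            for (f in seen) {
                if ((f in prot) && (f in unprot)) c = "mixed"
                else if (f in unprot)             c = "never"
                else                              c = "always"
                print c, f
            }
        }
    ' | sort
}

# Excerpt of the report quoted in the message above (not the full list).
sample_report() {
    cat <<'EOF'
mysqld:
 Position Independent Executable: yes
 Fortify Source functions: yes (some protected functions found)
unprotected: strcpy
unprotected: strcat
unprotected: recv
unprotected: memcpy
protected: strcpy
protected: vfprintf
protected: memcpy
 Read-only relocations: yes
EOF
}

# Space-separated names of functions with no fortified call site at all.
never_fortified() {
    sample_report | classify_fortify | awk '$1 == "never" { print $2 }' | paste -sd ' ' -
}

# Print the classification of the excerpt when the script is run directly.
sample_report | classify_fortify
```

For a real binary, pipe the tool's output in: `hardening-check --verbose mysqld | classify_fortify`. `_FORTIFY_SOURCE` only swaps a call for its checked variant when the compiler knows the destination size, so a "mixed" or "never" entry does not by itself show that the flag was missing from the build.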