We hope to get closer to our goal of having safer applications deployed on RHEL. We can accomplish this goal with more applications and libraries containing good compiler annotations and built with _FORTIFY_SOURCE=3
I note they say nothing about turning it on by default at the distro level. Might that come later, or is that too risky for RHEL?
Please note the performance update in the wiki page. Vladimir Makarov from my team ran SPEC2000 and SPEC2017 and found no difference in performance between _FORTIFY_SOURCE=2 and _FORTIFY_SOURCE=3. In fact, some tests in SPEC2000 ran slightly faster with _FORTIFY_SOURCE=3,
Looking at the data provided in the spreadsheet for this change, binary size changed by ±0.00% (!) on average, so that doesn’t look bad at all. Performance impact is apparently also a wash, with some workloads slightly regressing, but others slightly improving - so that doesn’t look bad, either. But it sounds like the better security hardening is, in fact, very worthwhile.
I note they say nothing about turning it on by default at the distro level. Might that come later, or is that too risky for RHEL?
In other distributions:
Some ‘pull quotes’ from the Fedora discussion:
Presumably they want to let it bake in Fedora for a while before turning it on in RHEL?