Bug 442107
| Summary: | Squid not built using fortify source | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 4 | Reporter: | Martin Nagy <mnagy> |
| Component: | squid | Assignee: | Martin Nagy <mnagy> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 4.6 | CC: | hripps |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-06-09 08:37:56 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I'm starting to rethink this. It actually could be dangerous to do this. If there are any bugs in squid that are "invisible" in the sense that they do not do any damage, it could cause squid to crash. |
Description of problem: Squid is not built with %{optflags} and therefore lacks -D_FORTIFY_SOURCE=2 and -O2 flags. With these flags, squid will be more secure when processing untrusted input (which it does a lot). Version-Release number of selected component (if applicable): squid-2.5.STABLE14-4.el4 How reproducible: See build logs. Actual results: no -D_FORTIFY_SOURCE=2 flag used with gcc Expected results: -D_FORTIFY_SOURCE=2 flag used with gcc