Bug 442107 - Squid not built using fortify source
Squid not built using fortify source
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: squid (Show other bugs)
4.6
All Linux
low Severity low
: rc
: ---
Assigned To: Martin Nagy
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-04-11 15:10 EDT by Martin Nagy
Modified: 2016-07-26 19:46 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-06-09 04:37:56 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Martin Nagy 2008-04-11 15:10:07 EDT
Description of problem:
Squid is not built with %{optflags} and therefore lacks -D_FORTIFY_SOURCE=2 and
-O2 flags. With these flags, squid will be more secure when processing untrusted
input (which it does a lot).

Version-Release number of selected component (if applicable):
squid-2.5.STABLE14-4.el4

How reproducible:
See build logs.

Actual results:
no -D_FORTIFY_SOURCE=2 flag used with gcc

Expected results:
-D_FORTIFY_SOURCE=2 flag used with gcc
Comment 1 Martin Nagy 2008-06-05 08:12:49 EDT
I'm starting to rethink this. It actually could be dangerous to do this. If
there are any bugs in squid that are "invisible" in the sense that they do not
do any damage, it could cause squid to crash.

Note You need to log in before you can comment on or make changes to this bug.