Description of problem:
Squid is not built with %{optflags} and therefore lacks -D_FORTIFY_SOURCE=2 and -O2 flags. With these flags, squid will be more secure when processing untrusted input (which it does a lot).

Version-Release number of selected component (if applicable):
squid-2.5.STABLE14-4.el4

How reproducible:
See build logs.

Actual results:
no -D_FORTIFY_SOURCE=2 flag used with gcc

Expected results:
-D_FORTIFY_SOURCE=2 flag used with gcc
I'm starting to rethink this. It actually could be dangerous to do this. If there are any bugs in squid that are "invisible" in the sense that they do not do any damage, it could cause squid to crash.
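
The report points to the build logs as evidence that gcc ran without -D_FORTIFY_SOURCE=2. As an added example (not part of the original report or of the squid packaging), the script below audits the gcc compile lines in a build log for that flag and for an optimization level, because glibc only applies fortification when optimization is enabled. The log lines and the function names `sample_log` and `audit_log` are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag compile lines in a build log that lack effective
# _FORTIFY_SOURCE hardening. Sample log lines are constructed, not taken
# from a real squid build.

sample_log() {
cat <<'EOF'
gcc -DHAVE_CONFIG_H -I. -I../include -g -Wall -c -o cache_cf.o cache_cf.c
gcc -DHAVE_CONFIG_H -I. -O2 -g -Wall -Wp,-D_FORTIFY_SOURCE=2 -c -o acl.o acl.c
gcc -DHAVE_CONFIG_H -I. -O0 -g -D_FORTIFY_SOURCE=2 -c -o url.o url.c
gcc -g -o squid acl.o cache_cf.o url.o -lm
EOF
}

# audit_log: read a build log on stdin and print "<status> <source>" for
# every compile step (-c) run by gcc/cc/g++/c++.
#   OK             fortify flag present and optimization enabled
#   NO_FORTIFY     no -D_FORTIFY_SOURCE=1|2 on the command line
#   FORTIFY_INERT  flag present, but -O0 or no -O option, so the
#                  fortified wrappers are not used
audit_log() {
  awk '
  {
    cc = $1; sub(/.*\//, "", cc)          # strip any directory prefix
    if (cc !~ /^(gcc|cc|g[+][+]|c[+][+])$/) next
    compile = 0; fortify = 0; opt = 0; src = "?"
    for (i = 2; i <= NF; i++) {
      if ($i == "-c") compile = 1
      # the last -D/-U of the macro wins; also matches the -Wp,-D... form
      else if ($i ~ /-[DU]_FORTIFY_SOURCE/) fortify = ($i ~ /-D_FORTIFY_SOURCE=[12]$/)
      # the last -O option wins; only -O0 leaves optimization off
      else if ($i ~ /^-O/) opt = ($i != "-O0")
      else if ($i ~ /\.(c|cc|cpp|cxx)$/) src = $i
    }
    if (!compile) next                     # skip link-only lines
    if (!fortify)  print "NO_FORTIFY", src
    else if (!opt) print "FORTIFY_INERT", src
    else           print "OK", src
  }'
}

# Run the audit over the constructed sample when executed directly.
sample_log | audit_log
```

To audit a real build, pipe its log into `audit_log` in place of `sample_log`.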