Fedora 38 To Beef Up Its Compiler Fortification Defenses

Written by Michael Larabel in Fedora on 4 January 2023 at 09:00 AM EST. 42 Comments
In addition to Fedora 38 adding -fno-omit-frame-pointer to its default compiler flags to improve profiling and debugging at a possible performance cost, the next Fedora Linux release is also planning to build its packages with the _FORTIFY_SOURCE=3 compiler defense to further bolster security.

The _FORTIFY_SOURCE=3 level detects more buffer overflows and related memory-safety problems than level 2: where level 2 only checks calls whose destination size is a compile-time constant, level 3 also checks destinations whose size is known only at run time, such as a buffer from malloc(n). GCC 12 and glibc 2.34 support _FORTIFY_SOURCE=3 for catching more problems at both compile time and run time, and that support is now in good enough shape that FESCo has approved fortify source level three replacing level two as a default compiler setting. Developers believe the improved security coverage from _FORTIFY_SOURCE=3 is well worth the small performance overhead and code-size increase of the new level.


The Fedora Engineering and Steering Committee (FESCo) has approved the change proposal to add _FORTIFY_SOURCE=3 to the default compiler flags used when building packages, to help mitigate memory-safety bugs. Some packages will stay at _FORTIFY_SOURCE=2 for now, however, as packages such as systemd currently have issues with the higher fortification level.

Red Hat / Fedora developers estimate that the increased fortification level improves mitigation coverage by a factor of 2.4x, in some cases protecting more than half of the fortified glibc calls in the target applications. Fedora isn't the first to enable _FORTIFY_SOURCE=3 at the distribution level: openSUSE ALP already uses the new level by default, and Gentoo's hardened profile is likely to adopt it too.
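As an added illustration of the mechanism behind those coverage numbers (example code written for this page, not from the Phoronix article, Fedora or glibc): _FORTIFY_SOURCE=2 sizes the destination of a fortified call with __builtin_object_size(), which only yields compile-time constants, while _FORTIFY_SOURCE=3 uses __builtin_dynamic_object_size(), which can also carry a run-time expression such as the n passed to malloc(n). The program below queries both views of a run-time-sized heap record and feeds them to a stand-in for glibc's __memcpy_chk wrapper, so it shows which copies each level has enough information to refuse. The helper names (LEVEL2_VIEW, LEVEL3_VIEW, check_fires, opaque, fill_record) are this example's own; it assumes GCC 12 or newer, or a clang that provides __builtin_dynamic_object_size, built at -O1 or above, since both builtins report "unknown" without optimization.

```c
/* Added example, not code from the Phoronix article, Fedora or glibc.
 * It reproduces the size query behind _FORTIFY_SOURCE levels 2 and 3 and
 * stands in for glibc's __memcpy_chk with check_fires()/fill_record();
 * the real wrapper aborts instead of returning an error.  Both builtins
 * answer only when optimizing (-O1 or higher) and report (size_t)-1,
 * "unknown", otherwise, which is also why fortification is inert at -O0. */
#include <stdlib.h>
#include <string.h>

#define UNKNOWN_SIZE ((size_t)-1)

#if defined(__has_builtin)
#  if __has_builtin(__builtin_dynamic_object_size)
#    define HAVE_DYN_OBJSZ 1
#  endif
#endif

/* Level 2's view of a destination: a compile-time constant or UNKNOWN_SIZE. */
#define LEVEL2_VIEW(p) __builtin_object_size((p), 0)

/* Level 3's view: may be a run-time expression.  Falls back to the static
 * builtin on compilers without the dynamic one (GCC older than 12). */
#ifdef HAVE_DYN_OBJSZ
#  define LEVEL3_VIEW(p) __builtin_dynamic_object_size((p), 0)
#else
#  define LEVEL3_VIEW(p) __builtin_object_size((p), 0)
#endif

/* The decision a fortified memcpy makes with the size the compiler handed
 * it: refuse when the copy is known to exceed the destination, let it
 * through when the size is unknown.  Returns 1 if the check fired. */
static int check_fires(size_t dst_view, size_t n)
{
    return dst_view != UNKNOWN_SIZE && n > dst_view;
}

/* Keep n opaque to constant propagation so the example reflects a caller
 * passing a run-time length rather than a literal the optimizer folded. */
static size_t opaque(size_t n)
{
    __asm__ __volatile__("" : "+r"(n));
    return n;
}

/* Constant-size stack buffer: level 2 already covers this shape (32 at -O1+). */
__attribute__((noinline)) size_t level2_view_of_stack(void)
{
    char buf[32];
    buf[0] = 0;
    return LEVEL2_VIEW(buf);
}

/* Heap record sized at run time: the shape of call level 2 cannot protect. */
__attribute__((noinline)) size_t level2_view_of_heap(size_t n)
{
    char *rec = malloc(opaque(n));
    if (!rec) return 0;
    size_t view = LEVEL2_VIEW(rec);   /* always UNKNOWN_SIZE: n is not a constant */
    free(rec);
    return view;
}

__attribute__((noinline)) size_t level3_view_of_heap(size_t n)
{
    char *rec = malloc(opaque(n));
    if (!rec) return 0;
    size_t view = LEVEL3_VIEW(rec);   /* n with GCC 12+ at -O1+, else UNKNOWN_SIZE */
    free(rec);
    return view;
}

/* Copy copy_len bytes of src into a fresh malloc(n) record under the level-3
 * rule.  Returns the bytes copied, -1 if the level-3 check fired, -2 if the
 * size was unknown and the copy would have overflowed (an unfortified build
 * would corrupt the heap here; this harness skips the write instead), or
 * -3 on allocation failure. */
__attribute__((noinline)) long fill_record(size_t n, const char *src, size_t copy_len)
{
    char *rec = malloc(opaque(n));
    if (!rec) return -3;
    size_t view = LEVEL3_VIEW(rec);
    long result;
    if (check_fires(view, copy_len))
        result = -1;                 /* __memcpy_chk would abort at this point */
    else if (view == UNKNOWN_SIZE && copy_len > n)
        result = -2;                 /* nothing stopped it: real overflow averted only by this guard */
    else {
        memcpy(rec, src, copy_len);
        result = (long)copy_len;
    }
    free(rec);
    return result;
}
```

The program does not define _FORTIFY_SOURCE itself; it only reproduces the size query the two levels make. To see the real wrappers, build any program with `-O2 -D_FORTIFY_SOURCE=3` and list its dynamic symbols with `nm -D`: calls such as memcpy and strcpy appear as `__memcpy_chk` and `__strcpy_chk` where the compiler had a size to check against. On Fedora, `rpm --eval '%{build_cflags}'` shows the distribution's current default flags, including the fortification level in effect.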

More details on this change are in the Fedora Wiki change proposal, and the Red Hat Developer Blog has more general information on this higher fortification level with GCC.