Fedora 20 Will Have A Security/Performance Change
With Fedora 19 being released soon, the Fedora Engineering and Steering Committee has begun evaluating potential changes/features for Fedora 20. One of the features that was approved today is a build change for the RPMs that can yield greater code security but at the potential cost of performance.
The change that was approved today is a GCC flag change for now using "-fstack-protector-strong" on building Fedora RPM packages rather than just the "-fstack-protector" argument. The -fstack-protector flag has the compiler generate extra code automatically to check for buffer overflows. If a guard check fails -- meaning a potential buffer overflow occurred within the application -- there's an error message and the program exits. Fedora has been using -fstack-protector but now they are looking to use -fstack-protector-strong.
The strong fstack-protector came out of Google and was committed last year to the GNU Compiler Collection. The -fstack-protector-strong is a middle ground between the simple fstack-protector and fstack-protector-all, which is the greatest level of stack protection but can cost in run-time performance. Google suffered from a performance penalty when using fstack-protector-all for Chrome OS, so they devised fstack-protector-strong as a nice balance between the two existing commands.
When it was published last year, Google had been using it with Chromium OS already for a period of two years and didn't find any security problems.
Fedora 20 will now build with fstack-protector-strong to provide for greater stack protection over their simple fstack-protector they had been using, but aren't leaping to fstack-protector-all.
While this has the potential for slightly decreasing the performance, if there are performance regressions to be found, a reversion could take place prior to the mass rebuild for the Fedora 20 release. The details of this change were shared in today's FESCo meeting minutes.
The change that was approved today is a GCC flag change for now using "-fstack-protector-strong" on building Fedora RPM packages rather than just the "-fstack-protector" argument. The -fstack-protector flag has the compiler generate extra code automatically to check for buffer overflows. If a guard check fails -- meaning a potential buffer overflow occurred within the application -- there's an error message and the program exits. Fedora has been using -fstack-protector but now they are looking to use -fstack-protector-strong.
The strong fstack-protector came out of Google and was committed last year to the GNU Compiler Collection. The -fstack-protector-strong is a middle ground between the simple fstack-protector and fstack-protector-all, which is the greatest level of stack protection but can cost in run-time performance. Google suffered from a performance penalty when using fstack-protector-all for Chrome OS, so they devised fstack-protector-strong as a nice balance between the two existing commands.
When it was published last year, Google had been using it with Chromium OS already for a period of two years and didn't find any security problems.
Fedora 20 will now build with fstack-protector-strong to provide for greater stack protection over their simple fstack-protector they had been using, but aren't leaping to fstack-protector-all.
While this has the potential for slightly decreasing the performance, if there are performance regressions to be found, a reversion could take place prior to the mass rebuild for the Fedora 20 release. The details of this change were shared in today's FESCo meeting minutes.
4 Comments