Fedora 20 Will Have A Security/Performance Change

Written by Michael Larabel in Fedora on 26 June 2013 at 03:48 PM EDT. 4 Comments
FEDORA
With Fedora 19 being released soon, the Fedora Engineering and Steering Committee has begun evaluating potential changes/features for Fedora 20. One of the features that was approved today is a build change for the RPMs that can yield greater code security but at the potential cost of performance.

The change that was approved today is a GCC flag change for now using "-fstack-protector-strong" on building Fedora RPM packages rather than just the "-fstack-protector" argument. The -fstack-protector flag has the compiler generate extra code automatically to check for buffer overflows. If a guard check fails -- meaning a potential buffer overflow occurred within the application -- there's an error message and the program exits. Fedora has been using -fstack-protector but now they are looking to use -fstack-protector-strong.

The strong fstack-protector came out of Google and was committed last year to the GNU Compiler Collection. The -fstack-protector-strong is a middle ground between the simple fstack-protector and fstack-protector-all, which is the greatest level of stack protection but can cost in run-time performance. Google suffered from a performance penalty when using fstack-protector-all for Chrome OS, so they devised fstack-protector-strong as a nice balance between the two existing commands.

When it was published last year, Google had been using it with Chromium OS already for a period of two years and didn't find any security problems.

Fedora 20 will now build with fstack-protector-strong to provide for greater stack protection over their simple fstack-protector they had been using, but aren't leaping to fstack-protector-all.

While this has the potential for slightly decreasing the performance, if there are performance regressions to be found, a reversion could take place prior to the mass rebuild for the Fedora 20 release. The details of this change were shared in today's FESCo meeting minutes.
4 Comments
Related News
Fedora 39 Beta Released With Faster DNF, GNOME 45 Desktop
Fedora 40 Eyes Dropping GNOME X11 Session Support
Fedora 40 Looks To Offer KDE Plasma 6 Desktop, Drop The KDE X11 Session
Thunderbird 115 Will Be Rolling Out To Fedora Users
Fedora Workstation 39 Planning To Drop Custom Qt Theming
Upgraded GNU Compiler Toolchain Approved For Fedora 39
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Valve Is A Wonderful Upstream Contributor To Linux & The Open-Source Community
The Maintainer Of The NVIDIA Open-Source "Nouveau" Linux Kernel Driver Resigns
Linux Terminal Emulators Have The Potential Of Being Much Faster
Intel To Further Collaborate With Red Hat, Canonical & SUSE For Intel-Optimized Linux Distros
Microsoft Releases A Big Update To Windows Subsystem For Linux, New Experimental Options
Fedora 40 Eyes Dropping GNOME X11 Session Support
GNOME 45 Released With New Apps, New Activities Indicator
Wine Wayland Driver Updated With Basic Window Management Capabilities