[CDRIVER-1574] Remove --enable-hardening (which is a NOOP) Created: 03/Oct/16  Updated: 12/Jan/17  Resolved: 11/Oct/16

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: None
Fix Version/s: 1.5.0

Type: Bug Priority: Minor - P4
Reporter: Hannes Magnusson Assignee: Hannes Magnusson
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to CDRIVER-1688 Test in Evergreen with hardening flags Closed

 Description   

libbson and mongoc both have

  --enable-hardening      Enable compiler and linker options to frustrate
                          memory corruption exploits [yes]

Turns out however, the configured CFLAGS and LDFLAGS are never actually used by either libbson nor mongoc, and never have.



 Comments   
Comment by Githook User [ 12/Oct/16 ]

Author:

{u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}

Message: CDRIVER-1574 Remove --enable-hardening
Branch: master
https://github.com/mongodb/libbson/commit/6caf169ee72cab340560ea18314d61f98e391d21

Comment by Githook User [ 11/Oct/16 ]

Author:

{u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}

Message: CDRIVER-1574 Remove --enable-hardening
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/a36dcda79c51ba03474383d13941403933e5f12e

Comment by Hannes Magnusson [ 05/Oct/16 ]

This broke platforms that actually support _FORTIFY_SOURCE

[2016/10/05 14:44:03.350]                  from src/mongoc/mongoc-apm.c:17:
[2016/10/05 14:44:03.350] /usr/include/features.h:330:4: error: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Werror=cpp]
[2016/10/05 14:44:03.350]  #  warning _FORTIFY_SOURCE requires compiling with optimization (-O)

acm Raised a good point that.. maybe we shouldn't be doing this at all?
It has never worked or done anything, so we aren't "removing anything" by removing this configure flag.
Those who would like to build their tools with hardening flags, like distro packagers, probably do so globally through CFLAGS...

If we choose to keep these flags, we need to actually check if they work. See https://github.com/mongodb/mongo/blob/master/SConstruct#L2384

Comment by Githook User [ 05/Oct/16 ]

Author:

{u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}

Message: CDRIVER-1574: Quick disabling hardening, it broke RHEL
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/589f554cdde6384c50954cc7fa9f8a351bda4ba1

Comment by Githook User [ 05/Oct/16 ]

Author:

{u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}

Message: CDRIVER-1574 --enable-hardening is a NOOP
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/da7e2e2cc9a56a51f1bb51afab208196707738b8

Comment by Hannes Magnusson [ 03/Oct/16 ]

libsson:
https://github.com/mongodb/libbson/commit/2ba3b407f5ed713f4770400a34330960834b6552

Generated at Wed Feb 07 21:12:55 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.