Tux Machines

Fedora and Red Hat Leftovers

Posted by Roy Schestowitz on Feb 06, 2023,

updated Feb 06, 2023

=> Games and Applications for GNU/Linux: Pixel Wheels, OpenTTD, Iotas, and Ethereum Wallets | SparkyLinux 6.6 Brings Latest Debian Bullseye Updates, Linux 6.1 Kernel Support

Thomas Vander Stichele: SRE Philosophy With Jennifer Mace

=> ↺ Thomas Vander Stichele: SRE Philosophy With Jennifer Mace

"Even the most junior SRE on call starts having director authority. [..] There is a power in that relationship that SRE does have when they think something is in danger. And it's a power we have to be careful not to misuse. But it's important, because that's our job."

Fedora Community Blog: CPE Weekly Update – Week 5 2023

=> ↺ Fedora Community Blog: CPE Weekly Update – Week 5 2023

This is a weekly report from the CPE (Community Platform Engineering) Team. If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on libera.chat.

=> ↺ libera.chat

=> ↺ libera.chat

How to improve application security using _FORTIFY_SOURCE=3

=> ↺ How to improve application security using _FORTIFY_SOURCE=3

Last year I wrote about the new level for _FORTIFY_SOURCE and how it promises to significantly improve application security mitigation in C/C++. In this article, I will show you how an application or library developer can get the best possible fortification results from the compiler to improve the security of applications deployed on Red Hat Enterprise Linux, for instance. There are shades of previous articles about GCC. But that just goes to show how compiler features tie in together to provide security protection at multiple levels, from prevention to mitigation. First, we should take a closer look at the potential impact of _FORTIFY_SOURCE=3 on performance and code size of applications.

=> ↺ new level for _FORTIFY_SOURCE | ↺ Red Hat Enterprise Linux

The _FORTIFY_SOURCE=3 builtin improves fortification coverage by evaluating and passing size expressions instead of the constants seen in _FORTIFY_SOURCE=2, which generates additional code and potentially more register pressure. But the impact of that additional code appears to be trivial in practice. When I compared nearly 10 thousand packages in Fedora rawhide, I found barely any impact on code size. Some binaries grew while others shrunk, indicating a change in generated code, but there was no broad increase in code size.

=> ↺ 10 thousand packages

=> ↺ new level for _FORTIFY_SOURCE | ↺ Red Hat Enterprise Linux | ↺ 10 thousand packages

Fedora Magazine: Join the conversation

=> ↺ Fedora Magazine: Join the conversation

U.S. politician Daniel Webster described the U.S. government as, “… the people’s government, made for the people, made by the people, and answerable to the people.”[1] Similarly, the Fedora Project is “a community of people working together”[2] and it is “led by contributors from across the community.”[3] In other words, “It is what you make of it.”[4]

=> ↺ [1] | ↺ [2] | ↺ [3] | ↺ [4]

=> ↺ [1] | ↺ [2] | ↺ [3] | ↺ [4]

=> gemini.tuxmachines.org