bacula not compiled with FORTIFY_SOURCE

Bug #265102 reported by Kees Cook
Affects Status Importance Assigned to Milestone
bacula (Ubuntu)

Bug Description

Binary package hint: bacula

Due to upstream's strange use of redefinable extern unions, fortify has unfriendly behavior. It would be nice to fix this in a sensible fashion so that the rest of bacula could get fortify protections.

Kees Cook (kees)
Changed in bacula:
importance: Undecided → Medium
status: New → Confirmed
Revision history for this message
Kern Sibbald (kern) wrote :

This problem *should* already be fixed in the trunk, though I have never actually tried building and running it with fortify source.

We *strongly* recommend not to enable fortify source. Bacula is already well protected and has its own buffer overrun detection that in general detects most overrun problems earlier and better than glibc and produces a reasonable traceback in the process. If you do enable fortify source, we cannot exclude that you will encounter other such problems.

Revision history for this message
Kees Cook (kees) wrote :

Yeah, this is mostly a place-holder bug so we can review the roll-out of fortify-source distro-wide. Thanks for looking into it! It does seem clear that glibc got confused about the union size.

Revision history for this message
Kern Sibbald (kern) wrote :

This ticket is a bit old. Could someone please try turning on fortify source with a current 5.2.x version
and see if there is a problem. If there is I will fix it. That said, I still recommend against using fortify
source, as I previously wrote, Bacula has all its own routines since 10 years so adding fortify source
will only add unnecessary additional overhead.

Just the same, I would like to see this ticket closed one way or another.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.