Please add -D_GLIBCXX_ASSERTIONS to default build flags

Bug #2016042 reported by Mark Esler
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| dpkg (Ubuntu) | New | Wishlist | Unassigned | |
| gcc-12 (Ubuntu) | New | Wishlist | Unassigned | |

Bug Description

This flag has a long history of distro use in Fedora [0] and is used
by Gentoo [1].

_GLIBCXX_ASSERTIONS was developed not to impact ABI or big-O complexity.

> The _GLIBCXX_ASSERTIONS macro defines a subset of the _GLIBCXX_DEBUG
> checks, with no impact on class layout and minimal impact on runtime
> (and no changes in algorithmic complexity). It is intended to be
> suitable for both debug builds and release builds.
[2]

As with -D_FORTIFY_SOURCE=3, poor quality code requires more mitigations
and therefore has higher performance penalties.

When Fedora initially added this default flag some packages FTBFS. Now
packages appear stable.

[0] https://src.fedoraproject.org/rpms/redhat-rpm-config/c/0d162176e9dba1adc330a9ee561b91c8e5e62cb5
[1] https://bugs.gentoo.org/876895
[2] https://bugs.launchpad.net/kicad/+bug/1838448/comments/40

Tags: sec-1935
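What the requested flag changes at run time, as an added example that is not part of the bug report or of any Ubuntu, GCC, Fedora or Gentoo code: three constructed precondition violations are run in child processes, and the program reports whether libstdc++ aborted on them. It assumes g++ with libstdc++ on a POSIX system; all function names are hypothetical.

```cpp
// Build twice and compare the output (g++ with libstdc++ assumed):
//   g++ -O2 demo.cpp -o plain
//   g++ -O2 -D_GLIBCXX_ASSERTIONS demo.cpp -o hardened
#include <csignal>
#include <cstdio>
#include <string>
#include <vector>
#include <sys/wait.h>
#include <unistd.h>

#ifdef _GLIBCXX_ASSERTIONS
constexpr bool kAssertionsOn = true;
#else
constexpr bool kAssertionsOn = false;
#endif

enum class Outcome { Returned, Aborted, OtherFailure };

volatile int sink;  // keeps the reads below from being optimised away

// Constructed cases: one valid access, then three precondition violations
// that stay inside allocated memory, so an unchecked build fails silently.
void in_bounds()   { std::vector<int> v{1, 2, 3}; sink = v[2]; }
void past_size()   { std::vector<int> v{1, 2, 3}; v.reserve(16); sink = v[5]; }
void empty_front() { std::vector<int> v; v.reserve(4); sink = v.front(); }
void string_past() { std::string s = "abc"; sink = s[s.size() + 1]; }

// Run fn in a child process so an abort() does not take down the demo itself.
Outcome run_isolated(void (*fn)()) {
    std::fflush(nullptr);
    pid_t pid = fork();
    if (pid < 0) return Outcome::OtherFailure;
    if (pid == 0) { fn(); _exit(0); }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) return Outcome::OtherFailure;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return Outcome::Returned;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT) return Outcome::Aborted;
    return Outcome::OtherFailure;
}

int main() {
    const struct { const char* name; void (*fn)(); } cases[] = {
        {"v[2], size 3", in_bounds}, {"v[5], size 3", past_size},
        {"front() on empty vector", empty_front}, {"s[size()+1]", string_past}};
    std::printf("_GLIBCXX_ASSERTIONS %s\n", kAssertionsOn ? "defined" : "not defined");
    for (const auto& c : cases)
        std::printf("%-26s %s\n", c.name,
                    run_isolated(c.fn) == Outcome::Aborted ? "SIGABRT" : "no abort");
}
```

The macro must be defined before any standard header is included, which is why it belongs on the compiler command line or in distribution build flags rather than in the middle of a source file.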
Matthias Klose (doko) wrote :

This is added to Fedora's and Gentoo's build systems. No, this is definitely not a GCC default setting.

Changed in gcc-12 (Ubuntu):
status: New → Invalid
Mark Esler (eslerm) wrote :

Security's request to add gcc hardening flags is valid as discussed in https://bugs.launchpad.net/ubuntu/+source/gcc-12/+bug/1972043.

> As Kees says, adding it to gcc means not only does this benefit Ubuntu archive packages, but also any software which is built on a Ubuntu machine using gcc (ie snaps built by launchpad, packages built on Github using Ubuntu as the CI backend etc) - which is a great benefit IMO.

Changed in gcc-12 (Ubuntu):
status: Invalid → New
Mark Esler (eslerm)
Changed in dpkg (Ubuntu):
importance: Undecided → Wishlist
Changed in gcc-12 (Ubuntu):
importance: Undecided → Wishlist
Matthias Klose (doko) wrote :

seriously, referencing a bug from 2008 in bluez-utils?

Changed in gcc-12 (Ubuntu):
status: New → Won't Fix
Mark Esler (eslerm) wrote :

Apologies, I linked the wrong LP. Edited comment to https://bugs.launchpad.net/ubuntu/+source/gcc-12/+bug/1972043

Changed in gcc-12 (Ubuntu):
status: Won't Fix → New
Mark Esler (eslerm)
tags: added: sec-1935