public inbox for [email protected]
help / color / mirror / Atom feedFrom: Peter Eisentraut <[email protected]>
To: Hans Buschmann <[email protected]>
To: [email protected] <[email protected]>
Subject: Re: Increased SECURITY RISCS from omitting some compikler options when building PG with meson; e.g. -fcf-protection=full
Date: Tue, 7 Jul 2026 14:25:49 +0200
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
On 07.07.26 11:59, Hans Buschmann wrote:
> Some days ago I stumbled over the following Phoronix article with a
> proposal for Fedora 45:
>
> Fedora 45 Considering x86_64 Shadow Stack Usage By Default <https://
> www.phoronix.com/news/Fedora-45-Consider-Shadow-Stack>
> I exemplary checked both the Fedora provided packages and the PGDG
> provided packages of pg18 that they are build with Schadow Stack
> (SHSTK) and Indirect Branch Tracking (IBT) activated which is true.
> It may sometimes be necessary that a quick fix of an apparent bug
> encourages the user to recomple the specific component of postgres. The
> different compile options result in that the operating system provided
> protection can not be guaranteed.
>
> I have discovered this case on x86_64 pg18 on linux built with meson but
> I don't know if other architectures have similar mitigations enabled in
> the distributed binaries.
>
> As I am not an experienced C-Programmer, there may be other compile
> options for other vulnerabilities.
>
> I propose to activate all compiler options as default that are used in
> the binary releases of postgres, preferrably in both built systems
> (autoconfigure and meson)
>
> Please consider different operating systems (red hat, debian etc), all
> supported pg versions, different architectures, different compilers,
> different built systems etc.
I don't think this would be a good direction. Distributions are in many
cases better placed to decide when and how to activate certain
protections. The case you point out here is a good example. The
-fcf-protection option was already activated in Fedora 28, but it is
only now that they are considering switching over the base layers of the
OS to activate this facility. It would be unreasonable to expect
PostgreSQL and any other open-source project to track this and sync up
with this. Consider this to see the amount of information that would
need to be tracked and implemented:
https://github.com/jvoisin/compiler-flags-distro
view thread (6+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: Increased SECURITY RISCS from omitting some compikler options when building PG with meson; e.g. -fcf-protection=full
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox