[MPlayer-users] Unable to Compile Mplayer Revision 34652

Vladimir Mosgalin mosgalin at VM10124.spb.edu
Tue Feb 14 13:45:40 CET 2012


Hi Carl Eugen Hoyos!

 On 2012.02.14 at 09:54:43 +0000, Carl Eugen Hoyos wrote next:

> >      --extra-cflags="-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 
> > -fexceptions -fstack-protector --param=ssp-buffer-size=4  -m64 
> > -mtune=generic" \
> 
> There are two possibilities:
> Either this is useful, then this should be added to our default
> flags, so please send benchmarks etc. in this case, or it has 
> no benefits, then please remove it.

These are "Red Hat recommended" hardening options which are used to
build any package in RHEL, SL, Centos and Fedora; some subsets are also
used in many other distributions. There are various documents in the
internet explaining each of these option and its benefit, including
official Red Hat reports with vulnerabilities exploit statistic with and
without these options each of these option and benefit. 

As long as mplayer cares about performance at all costs, there is no
reason to use these options in configure. But they have proven impact on
security so I'd say it's unwise to ask people who care about
vulnerabilities not to use them; after all, there are even desktop
distributions where everything is compiled with these options without
any visible performance impact.

I don't want to provide links to long reports on security provided by
these options as you probably aren't interested in them, so just these
quick links:
http://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_STACKPROTECTOR_.28gcc.2BAC8-g.2B-.2B-_-fstack-protector_--param_ssp-buffer-size.3D4.29
http://wiki.debian.org/Hardening#non-exec_memory_segmentation_.28ExecShield.29
http://wiki.debian.org/Hardening#gcc_-D_FORTIFY_SOURCE.3D2_-O1

-D_FORTIFY_SOURCE=2 seems to be interesting as it's compile-time only
check and should have no effect on mplayer performance, only on
compilation time.


-- 

Vladimir


More information about the MPlayer-users mailing list