https://bugs.exim.org/show_bug.cgi?id=2923
--- Comment #4 from Andreas Metzler <eximusers@???> ---
(In reply to Patrick Welche from comment #0)
> Running an exim 4.96 server compiled with
>
> CFLAGS=-O2 -fPIC -D_FORTIFY_SOURCE=2
>
> mail delivery failed because the stack protector claimed
>
> exim - - - stack overflow detected; terminated
>
> _FORTIFY_SOURCE=2 includes runtime checks.
>
> I have recompiled lowering to _FORTIFY_SOURCE=1 to avoid this, but
> it suggests there is a bug somewhere...
Hello,
just to provide some background:
https://www.redhat.com/en/blog/security-technologies-fortifysource
So, yes there probably is a issue. However more info is needed (backtrace,
etc.) building exim with -D_FORTIFY_SOURCE=2 is not sufficient to reproduce
this, e.g. Debian's exim packages have been built with -D_FORTIFY_SOURCE=2 for
more than ten years. (I do not get why you are building with fPIC, though,
should you be using PIE instead for an executable?)
cu Andreas
--
You are receiving this mail because:
You are on the CC list for the bug.
