SQLite Forum

fortify source

(1) By anonymous on 2021-07-13 19:06:01

Bearing in mind the strict adherence to DO-178B, is there any value in these compiler security options?

Does my 64-bit build otherwise improve performance over the official Linux binary?

$ for x in sqlite3 sqlite3.i386; do ll $x; hardening-check $x; done
-rwxr-xr-x. 1 root root 1954360 Jul 13 13:47 sqlite3
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: yes

-rwxr-xr-x. 1 root root 1169124 Jul  6 13:53 sqlite3.i386
 Position Independent Executable: no, normal executable!
 Stack protected: no, not found!
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: no, not found!
 Immediate binding: no, not found!

$ file sqlite3 sqlite3.i386 
sqlite3:      ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=90c166105dd34b2bd78eb3eb36622c01f855df8b, not stripped

sqlite3.i386: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 4.3.0, stripped

$ cat sqlite-autoconf-3360000.configure 
CFLAGS='-O3 -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fpic -pie' \
LDFLAGS='-Wl,-z,relro,-z,now -Wl,-z,now' ./configure
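
Added example, not part of the original post and not the code of the hardening-check tool: a sketch of how the five properties reported above can be derived from `readelf -W -h -l -d --dyn-syms` text. The `FORTIFIABLE` subset, the PIE heuristic and both readelf excerpts are assumptions constructed for illustration.

```python
import re

# Illustrative subset of libc functions that have __*_chk variants under
# -D_FORTIFY_SOURCE (assumption of this example; the real set is larger).
FORTIFIABLE = {"memcpy", "strcpy", "sprintf", "snprintf", "read", "fgets"}

# Constructed readelf excerpts, not taken from the binaries in the thread.
HARDENED = """\
  Type:                              DYN (Shared object file)
  INTERP         0x000238 0x0000000000000238 0x0000000000000238 0x00001c 0x00001c R   0x1
  GNU_RELRO      0x1d2e50 0x00000000003d2e50 0x00000000003d2e50 0x0051b0 0x0051b0 R   0x1
 0x0000000000000018 (BIND_NOW)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
     4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __memcpy_chk@GLIBC_2.3.4 (4)
     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND strcpy@GLIBC_2.2.5 (2)
"""
UNHARDENED = """\
  Type:                              EXEC (Executable file)
  INTERP         0x000154 0x08048154 0x08048154 0x00013 0x00013 R   0x1
     3: 00000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.0 (2)
     4: 00000000     0 FUNC    GLOBAL DEFAULT  UND strcpy@GLIBC_2.0 (2)
"""

def audit(text):
    """Derive the five hardening properties from readelf text output."""
    syms = set()
    for line in text.splitlines():
        f = line.split()  # Num Value Size Type Bind Vis Ndx Name [(ver)]
        if len(f) >= 8 and f[3] in ("FUNC", "IFUNC"):
            syms.add(f[7].split("@")[0])
    elf_type = re.search(r"^\s*Type:\s+(\w+)", text, re.M).group(1)
    # __memcpy_chk -> memcpy; keep only names from the fortifiable set.
    protected = {s[2:-4] for s in syms if s.startswith("__") and s.endswith("_chk")} & FORTIFIABLE
    unprotected = syms & FORTIFIABLE
    return {
        # Heuristic: a DYN object that requests a program interpreter is a PIE.
        "pie": elf_type == "DYN" and bool(re.search(r"^\s*INTERP\b", text, re.M)),
        "stack_protector": "__stack_chk_fail" in syms,
        # "yes" means at least one checked variant is linked, not that every call is checked.
        "fortify": "yes" if protected else ("no" if unprotected else "unknown"),
        "relro": bool(re.search(r"^\s*GNU_RELRO\b", text, re.M)),
        "bind_now": "BIND_NOW" in text or bool(re.search(r"\(FLAGS_1\).*\bNOW\b", text)),
    }

if __name__ == "__main__":
    for name, text in (("hardened", HARDENED), ("unhardened", UNHARDENED)):
        print(name, audit(text))
```
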

(2) By anonymous on 2021-07-14 00:37:27 in reply to 1

Furthermore, why is the sqlite3 binary offered in the tools collection compiled 32-bit?

This user space is 3 gigabytes on Linux, and 2 gigabytes on Windows.

Is this done so the DO-178B test suite can run correctly?

(3) By Richard Hipp (drh) on 2021-07-14 00:51:27 in reply to 2

All of our tests run 64-bit, except when we are deliberately testing for
compatibility with 32-bit hardware.  We offer 32-bit downloads because
people request them.

(4) By anonymous on 2021-07-14 01:02:45 in reply to 3

A thousand thanks for your reply.

I trust your judgment, but I am curious as to large joins or sorts with a 3/2Gb user space, in the context of Oracle's sort_area_size.

Focal question: is FORTIFY_SOURCE at all helpful, or should I discard it?

(5) By anonymous on 2021-07-14 02:15:34 in reply to 4

I will quote your sagacious reply in my article.