I want to compile rippled without source code hardening (specifically, I want to avoid the *_chk functions).
As far as I have been able to determine, gcc/g++ do this hardening with FORTIFY_SOURCE and -fstack-protector, and in order to disable it, either -U_FORTIFY_SOURCE or -D_FORTIFY_SOURCE=0 and -fno-stack-protector should be used.
However, for some reason this is not working for me with rippled. I have modified the SConstruct file so that the above mentioned defines and switches are added, and I see during the build process that they are actually being passed to the compiler and linker. However, when I run readelf -sW rippled | egrep chk, I obtain several lines like:
3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __printf_chk@GLIBC_2.3.4 (2)
38: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __vfprintf_chk@GLIBC_2.3.4 (2)
96: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __sprintf_chk@GLIBC_2.3.4 (2)
100: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __snprintf_chk@GLIBC_2.3.4 (2)
107: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __fread_chk@GLIBC_2.7 (14)
So I am guessing that the problem is not with the switches and defines. But in that case, what may I be missing? Why are these symbols still being included in the ELF?
PS: I am aware that parenthesizing calls to "_chk"-able functions is an alternative to -U_FORTIFY_SOURCE and -fno-stack-protector, but I am just discarding that option, as I do not want to modify rippled's code (and, however, that would only affect a subset of the functions, as far as I can tell).
