Hi!
Starting with gcc-4.1.2-25 and glibc-2.6.90-14, -D_FORTIFY_SOURCE=2 protects not only C code, but also C++. There have been several security issues already which would have been unexploitable if this checking had been in place earlier.
All the mem*, str* etc. routines that were previously protected in C are now protected in C++ as well. Similarly, *printf won't accept %n if the format string is in writable memory. The open{,at}{,64} functions are checked too: a compile-time detectable O_CREAT with only 2 arguments (3 for openat{,64}) results in link-time errors; if it is unclear at compile time whether the oflag arg has O_CREAT or not and only 2 (resp. 3 for openat{,64}) args are provided, runtime checking is done.
BTW, even for C, open is no longer a function-like macro. While it is desirable to fix packages that don't allow open to be defined as a function-like macro, it will no longer be a necessity for F8 to change this.
If you see any bugs on the toolchain side (rather than newly discovered package bugs), please let us know in bugzilla ASAP.
Thanks.
Jakub
devel-announce@lists.fedoraproject.org
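
The open{,at}{,64} check described in the announcement, as an added C++ example that is not part of the original e-mail: the two call shapes the check targets appear only in comments, and the compiled code shows the three-argument form that satisfies it. The names `open_with_mode` and `created_mode_bits` and the scratch path are assumptions made for this example.

```cpp
// Added example (not from the original announcement). To build with the
// checks enabled: g++ -O2 -D_FORTIFY_SOURCE=2 example.cpp
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>

// Case 1 (kept out of the build): O_CREAT is visible at compile time and
// the mode argument is missing. The announcement says this results in a
// link-time error.
//     int fd = open(path, O_WRONLY | O_CREAT);
//
// Case 2 (kept out of the build): oflag is only known at run time, so the
// two-argument call builds and is checked when it executes.
//     int fd = open(path, oflag);

// Fixed form: oflag comes from the caller, so always pass a mode. The
// kernel ignores it unless O_CREAT (or O_TMPFILE) is set.
// open_with_mode is a hypothetical helper name used for this example.
int open_with_mode(const char *path, int oflag, mode_t mode) {
    return open(path, oflag, mode);
}

// Creates a scratch file through the helper and returns its permission
// bits, or -1 on failure. The path template is constructed sample input.
int created_mode_bits() {
    char path[] = "/tmp/fortify-open-XXXXXX";
    int tmp = mkstemp(path);          // reserve a unique name
    if (tmp < 0) return -1;
    close(tmp);
    unlink(path);                     // free the name so O_EXCL can succeed
    int fd = open_with_mode(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    struct stat st;
    int rc = fstat(fd, &st);
    close(fd);
    unlink(path);
    return rc == 0 ? static_cast<int>(st.st_mode & 07777) : -1;
}

int main() {
    std::printf("mode bits: %o\n", created_mode_bits());
    return 0;
}
```

Without the third argument, open() with O_CREAT takes the new file's permission bits from whatever value happens to occupy the argument slot, which is why the missing-mode call is treated as an error.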