[Pkg-pascal-devel] Status of FPC with hardening
Abou Al Montacir
abou.almontacir at sfr.fr
Fri Feb 7 13:53:38 GMT 2025
Hi Michalis,
On Thu, 2025-02-06 at 22:04 +0100, Michalis Kamburelis wrote:
> > As you may have noticed, I was recently very busy with making FPC provide an easy
> > way to build hardened programs.
> >
> > I think I'm now done with that and 3.2.2-45 should be, I hope, the last
> > upload with regards to that goal. It fixed the aarch64 architecture, the
> > only remaining architecture for which FPC supports PIC/PIE.
> >
> > The current situation makes developers' lives easy, just add @hardening to
> > your fpc compilation command line and it will do it.
>
> I'm interested -- can you provide some details, what does exactly the
> "hardening" imply, what happens as a result?
By hardening, Debian means enabling Position Independent Code (PIC) and Position
Independent Executable (PIE). These are mainly a code generator option (-Cg) and
a linker option (-pie).
In the context of FPC, it is adding a configuration file
in /etc/fpc-3.2.2.cfg.d/hardening that allows calling fpc @hardening myprog to
enable these options in a standard way.
> E.g. does this mean
> enabling things like range checking, overflow checking using FPC
> options, to catch buffer overflows etc. in certain cases, or something
> else? I read https://wiki.debian.org/Hardening ,
No, it does not enable such features, but indeed these can be a big plus when
testing. However, I fear a program that crashes due to input will not be welcome,
even if I prefer that behavior to silently continuing with a buffer overflow that
can be used by a hacker.
> from what I
> understand the precise meaning of "hardening" depends on the compiler
> and toolchain, so in Debian+Pascal context the "hardening" implies
> passing certain command-line options to the FPC compiler. What are
> these options exactly, so that I can confirm that e.g. Castle Game
> Engine really supports it 100%?
The entire set of options is described in the link above, but mainly -XD, -Cg,
-k-lc, -k--dynamic-linker=<some so file>
>
> Sorry in advance if this is already documented somewhere, in wiki or
> source code, just point me to it :)
There are many, but none is complete, so good that you asked, at least this mail
can be used as a start of a doc page.
>
> Note that CGE does support debug and release modes of compilation, and
> we fully support compiling the CGE codebase with range checking,
> overflow etc. enabled.
One day, we may try to take advantage of such an FPC feature to ensure code is 100%
safe. However, today this is not the case.
Also, one argument for disabling such a feature, which was the default in TP7, was
the speed reduction due to the overhead of the checks. However, this is tiny compared to
Python or Java overload. So maybe FPC is a good candidate to become the next
safe coding language!
> But this is not 100% true for all Pascal code,
> I recall some FPC RTL code that was doing tricks and just assuming
> that range checking is off, otherwise an "innocent" (actually valid)
> code will raise range errors.
That code is generally not portable over architectures.
>
> > Now, there was a price for that, and one additional unitary test is now
> > failing on i386. It deals with generics, which I don't think too many people
> > use, but I hope it will get fixed soon by 3.2.4 that I expect to be in the
> > few coming weeks.
>
> Note that Castle Game Engine uses generics very intensively. And I do
> recommend everyone to use generics in my "Modern Object Pascal
> Introduction for Programmers", providing examples e.g. here
> https://castle-engine.io/modern_pascal#generic-containers-section .
Then you may be interested in checking this commit.
I disabled the test because I know the FPC core team will never want to deal with a
3.2.2 bug as they are trying to get 3.2.4 out, even if this has been the case since
the same time last year.
>
> Regards and thank you for all the work,
> Michalis
Thank you also for your fantastic work on CGE and CMV.
--
Cheers,
Abou Al Montacir