# Kernel Configuration Should I Use FORTIFY_SOURCE?

## jagdpanther

I am about to upgrade from gentoo-sources-4.12.12 to gentoo-sources-4.14.7.  Running through "make oldconfig"  I am trying to decide if there are any negatives with turning on FORTIFY_SOURCE.  Any comments?  

```
Harden common str/mem functions against buffer overflows (FORTIFY_SOURCE) [N/y/?] (NEW) ?
```

From the kernel help:

 *Quote:*   

> CONFIG_FORTIFY_SOURCE:
> 
> Detect overflows of buffers in common string and memory functions
> 
> where the compiler can determine and validate the buffer sizes.

 

Sounds like a good thing ... but what might break ?

----------

## toralf

I run that since eons w/o noticeable hassle.

----------

## jagdpanther

toralf:

Thanks.

Four hours after upgrading to new kernel with FORTIFY_SOURCE and no issues.

----------

