Date: Mon, 13 May 2024 12:47:41 -0500
From: Kyle Evans <kevans@FreeBSD.org>
To: "freebsd-hackers@FreeBSD.org" <freebsd-hackers@freebsd.org>
Subject: Initial implementation of _FORTIFY_SOURCE
Message-ID: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>

Hi,

As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've imported
an initial version of FORTIFY_SOURCE from FreeBSD. FORTIFY_SOURCE is an
improvement over classical SSP, doing compiler-aided checking of stack
object sizes to detect more fine-grained stack overflow without relying
on the randomized stack canary just past the stack frame.

This implementation is not yet complete, but we've done a review of
useful functions and syscalls to add checked variants of and intend to
complete the implementation over the next month or so.

Please test _FORTIFY_SOURCE out now by setting FORTIFY_SOURCE=2 in the
buildworld env -- I intend to flip the default to 2 when WITH_SSP is set
in the next month if nobody complains about serious breakage. I've
personally been rolling with FORTIFY_SOURCE=2 for the last three years
that this has been sitting in a local branch, so I don't really
anticipate any super-fundamental breakage.

Thanks,
Kyle Evans
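
The kind of object-size check the message describes, as an added example that is not part of the original e-mail and not FreeBSD's implementation: an overflow that stays inside the stack frame never reaches a canary, but a check against the compiler-known destination size rejects it. `struct account`, `CHECKED_MEMCPY` and `set_name` are hypothetical names; `__builtin_object_size` is the GCC/Clang builtin.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record: overflowing name lands in is_admin, inside the
 * same stack frame, so a canary placed past the frame never sees it. */
struct account {
    char name[8];
    int  is_admin;
};

/* Hypothetical checked copy in the style of a fortified wrapper. It is a
 * macro so __builtin_object_size sees the destination expression itself;
 * mode 1 asks for the size of the closest enclosing sub-object (name),
 * not of the whole struct. */
#define CHECKED_MEMCPY(dst, src, n) \
    checked_memcpy_impl((dst), (src), (n), __builtin_object_size((dst), 1))

static int checked_memcpy_impl(void *dst, const void *src, size_t n,
                               size_t dst_size)
{
    /* (size_t)-1 means the compiler could not determine the size. */
    if (dst_size != (size_t)-1 && n > dst_size)
        return -1;  /* assumption: report instead of aborting the process */
    memcpy(dst, src, n);
    return 0;
}

/* Copy len bytes of constructed input into the name field of a stack
 * object and hand back a snapshot of that object for inspection. */
int set_name(struct account *snapshot, size_t len)
{
    static const char input[] = "AAAAAAAAAAAA"; /* constructed sample */
    struct account acct = { "", 0 };
    int rc = CHECKED_MEMCPY(acct.name, input, len);
    *snapshot = acct;
    return rc;
}

int main(void)
{
    struct account a;
    int rc = set_name(&a, 7);
    printf("len 7:  rc=%d is_admin=%d\n", rc, a.is_admin);
    rc = set_name(&a, 12);
    printf("len 12: rc=%d is_admin=%d\n", rc, a.is_admin);
    return 0;
}
```
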
