Date: Mon, 13 May 2024 12:47:41 -0500
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
To: "freebsd-hackers@FreeBSD.org"
From: Kyle Evans
Subject: Initial implementation of _FORTIFY_SOURCE

Hi,

As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've imported an initial version of FORTIFY_SOURCE from FreeBSD. FORTIFY_SOURCE is an improvement over classical SSP, doing compiler-aided checking of stack object sizes to detect more fine-grained stack overflow without relying on the randomized stack canary just past the stack frame.

This implementation is not yet complete, but we've done a review of useful functions and syscalls to add checked variants of and intend to complete the implementation over the next month or so.

Please test _FORTIFY_SOURCE out now by setting FORTIFY_SOURCE=2 in the buildworld env -- I intend to flip the default to 2 when WITH_SSP is set in the next month if nobody complains about serious breakage. I've personally been rolling with FORTIFY_SOURCE=2 for the last three years that this has been sitting in a local branch, so I don't really anticipate any super-fundamental breakage.

Thanks,

Kyle Evans
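
The compiler-aided size check the message describes can be sketched with the GCC/Clang builtin `__builtin_object_size`. This is an added example, not code from the message or from FreeBSD's headers; `struct rec`, `checked_copy`, `CHECKED_MEMCPY`, `try_copy` and the sample input are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record: overflowing name[] lands in is_admin, which lives in
 * the same stack object, so a canary past the frame is never touched. */
struct rec {
    char name[8];
    int  is_admin;
};

/* Constructed input: 8 filler bytes, then bytes aimed at is_admin. */
static const unsigned char sample_input[12] =
    { 'A','A','A','A','A','A','A','A', 1, 1, 1, 1 };

/* Returns 0 after copying, -1 when len exceeds the known destination size.
 * A fortified libc would abort the process instead of returning -1. */
static int checked_copy(void *dst, const void *src, size_t len, size_t dstsize)
{
    /* (size_t)-1 means the compiler could not determine the size. */
    if (dstsize != (size_t)-1 && len > dstsize)
        return -1;
    memcpy(dst, src, len);
    return 0;
}

/* A macro, so the compiler sees the destination expression itself.
 * Type 1 asks for the size of the closest enclosing subobject (name[]). */
#define CHECKED_MEMCPY(dst, src, len) \
    checked_copy((dst), (src), (len), __builtin_object_size((dst), 1))

/* Returns -1 if the copy was refused, otherwise is_admin after the copy. */
int try_copy(size_t len)
{
    struct rec r = { "", 0 };
    if (CHECKED_MEMCPY(r.name, sample_input, len) != 0)
        return -1;
    return r.is_admin;
}

int main(void)
{
    printf("len 8:  %d\n", try_copy(8));   /* fits in name[] */
    printf("len 12: %d\n", try_copy(12));  /* refused before is_admin is hit */
    return 0;
}
```

The 12-byte copy would stay inside `struct rec` and never reach a canary placed past the frame, which is the case a per-object size check catches.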