From owner-freebsd-security@FreeBSD.ORG  Sat Apr 12 00:38:37 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1B3A337B401
	for <freebsd-security@freebsd.org>;
	Sat, 12 Apr 2003 00:38:37 -0700 (PDT)
Received: from obsecurity.dyndns.org
	(adsl-63-207-60-150.dsl.lsan03.pacbell.net [63.207.60.150])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7D38443F85
	for <freebsd-security@freebsd.org>;
	Sat, 12 Apr 2003 00:38:36 -0700 (PDT)
	(envelope-from kris@obsecurity.org)
Received: from rot13.obsecurity.org (rot13.obsecurity.org [10.0.0.5])
	by obsecurity.dyndns.org (Postfix) with ESMTP
	id 4E37866CFA; Sat, 12 Apr 2003 00:38:36 -0700 (PDT)
Received: by rot13.obsecurity.org (Postfix, from userid 1000)
	id 2E49D10F6; Sat, 12 Apr 2003 00:38:36 -0700 (PDT)
Date: Sat, 12 Apr 2003 00:38:36 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Mike Silbersack <silby@silby.com>
Message-ID: <20030412073836.GA86038@rot13.obsecurity.org>
References: <20030411111302.G4749@cvs.imp.ch>
	<20030411115522.I6045@odysseus.silby.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="ReaqsoxgOBHFXBhH"
Content-Disposition: inline
In-Reply-To: <20030411115522.I6045@odysseus.silby.com>
User-Agent: Mutt/1.4i
X-Mailman-Approved-At: Fri, 18 Apr 2003 14:16:39 -0700
cc: freebsd-security@freebsd.org
cc: Martin Blapp <mb@imp.ch>
Subject: Re: fstack protector
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Apr 2003 07:38:37 -0000


--ReaqsoxgOBHFXBhH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Fri, Apr 11, 2003 at 11:58:02AM -0500, Mike Silbersack wrote:

> One possible solution would be to have a gcc-ssp port which would build a
> SSP version of the base system's compiler, and call it gcc-ssp or
> something.  Then we could make certain ports depend on using it, perhaps.

That's the best solution for FreeBSD.  You'd just set CC and CFLAGS if
you want to build with it, as usual.  Be aware that some ports will
not run when built with -fstack-protector, last time I checked
(XFree86 is one).

Kris

--ReaqsoxgOBHFXBhH
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+l8J7Wry0BWjoQKURAkcoAKDFUgNvqCXGfWqcS4y5TQzKXMro9ACeKudb
HIhM/NFyF7E0D6o6Kadq8fs=
=yXCh
-----END PGP SIGNATURE-----

--ReaqsoxgOBHFXBhH--