Date: Sat, 19 Apr 2003 09:32:57 +0200 From: Uwe Doering <gemini@geminix.org> To: Kris Kennaway <kris@obsecurity.org> Cc: Martin Blapp <mb@imp.ch> Subject: Re: fstack protector Message-ID: <3EA0FBA9.4090605@geminix.org> In-Reply-To: <20030412073836.GA86038@rot13.obsecurity.org> References: <20030411111302.G4749@cvs.imp.ch> <20030411115522.I6045@odysseus.silby.com> <20030412073836.GA86038@rot13.obsecurity.org>
index | next in thread | previous in thread | raw e-mail
Kris Kennaway wrote:
> On Fri, Apr 11, 2003 at 11:58:02AM -0500, Mike Silbersack wrote:
>
>>One possible solution would be to have a gcc-ssp port which would build a
>>SSP version of the base system's compiler, and call it gcc-ssp or
>>something. Then we could make certain ports depend on using it, perhaps.
>
> That's the best solution for FreeBSD. You'd just set CC and CFLAGS if
> you want to build with it, as usual. Be aware that some ports will
> not run when built with -fstack-protector, last time I checked
> (XFree86 is one).
Which version of XFree86? At least 3.3.6 works fine for me, with
'-fstack-protector' (actually auto-enabled on my systems).
Mozilla 1.x, however, doesn't work with stack protection. That's the
only port I found so far that breaks. Reason unknown. Actually, it
already happens at build time. 'regchrome' crashes. At least I think
that was the name, if memory serves.
Uwe
--
Uwe Doering | EscapeBox - Managed On-Demand UNIX Servers
gemini@geminix.org | http://www.escapebox.net
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3EA0FBA9.4090605>