Message-ID: <3EA0FBA9.4090605@geminix.org>
Date: Sat, 19 Apr 2003 09:32:57 +0200
From: Uwe Doering
To: Kris Kennaway
cc: freebsd-security@freebsd.org
cc: Martin Blapp
References: <20030411111302.G4749@cvs.imp.ch> <20030411115522.I6045@odysseus.silby.com> <20030412073836.GA86038@rot13.obsecurity.org>
In-Reply-To: <20030412073836.GA86038@rot13.obsecurity.org>
Subject: Re: fstack protector

Kris Kennaway wrote:
> On Fri, Apr 11, 2003 at 11:58:02AM -0500, Mike Silbersack wrote:
>
>>One possible solution would be to have a gcc-ssp port which would build a
>>SSP version of the base system's compiler, and call it gcc-ssp or
>>something. Then we could make certain ports depend on using it, perhaps.
>
> That's the best solution for FreeBSD. You'd just set CC and CFLAGS if
> you want to build with it, as usual. Be aware that some ports will
> not run when built with -fstack-protector, last time I checked
> (XFree86 is one).

Which version of XFree86? At least 3.3.6 works fine for me, with
'-fstack-protector' (actually auto-enabled on my systems).

Mozilla 1.x, however, doesn't work with stack protection. That's the
only port I found so far that breaks. Reason unknown. Actually, it
already happens at build time. 'regchrome' crashes. At least I think
that was the name, if memory serves.

   Uwe
-- 
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
gemini@geminix.org  |  http://www.escapebox.net