From owner-freebsd-toolchain@freebsd.org Thu Jul 30 18:01:19 2015 Return-Path: Delivered-To: freebsd-toolchain@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 902F49AFCDD for ; Thu, 30 Jul 2015 18:01:19 +0000 (UTC) (envelope-from pfg@FreeBSD.org) Received: from nm42-vm5.bullet.mail.bf1.yahoo.com (nm42-vm5.bullet.mail.bf1.yahoo.com [216.109.114.204]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 153642F0 for ; Thu, 30 Jul 2015 18:01:18 +0000 (UTC) (envelope-from pfg@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1438279269; bh=nSJNGTJF2JVUjhOWQ74ljp9xyNFnZCST7VweRevghJk=; h=Date:From:To:Subject:From:Subject; b=F/5EVJmvYZGtYLogP293k6DBo0gTjE8Fxf+Iorw4hmbQFs+kCzAVrcZnEKPAijCF9srkNLctftr7Ly85l8O+IBFyvesOpBhqxBcVT5NihCYoXYdU3oNedUMWl63mPX1kZ0+ZK+0FPRxHcP9qHuhS3AFyW47qRkX+i+Sy8WiVDDZLbqG362EzImy9V9bzAQwwNZC8K1ZZwHzWBdtQxU8fl1fXDzG48Pct+L8mXMQ2hixJ77pZTJA5KA5QEgIeN9lz/YndakFt1uR9Bxf3ND9TfoJcQ2CfGQXg5qJ/rMrhb17Vn7j2mq8hmZbeR1lkWQAxZHOb7cMVJEm5XHQzkXJE9Q== Received: from [98.139.215.143] by nm42.bullet.mail.bf1.yahoo.com with NNFMP; 30 Jul 2015 18:01:09 -0000 Received: from [68.142.230.75] by tm14.bullet.mail.bf1.yahoo.com with NNFMP; 30 Jul 2015 18:01:09 -0000 Received: from [127.0.0.1] by smtp232.mail.bf1.yahoo.com with NNFMP; 30 Jul 2015 18:01:09 -0000 X-Yahoo-Newman-Id: 175274.23666.bm@smtp232.mail.bf1.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: gFp35IMVM1mjjxYJBU.NCbJ1G8hcr2Eek4nOCJi9vzBfNdq iF9DUVvFXKGsiuT3HlCqudE9425LlTWmaTYuE85BkAmo4ysuXGQCMGbIw4kS v1Hb4UKV1wOBh.K4GMeWD5heUNT9BPEWap3hs1AqW78_DdaY_Av.e6McST6_ R06OAbprYuamWmQAomATf4TQP_PFowB5W9bzoG18acIXp2H4OT_mA3UlYbzU GalpYty.rVTtlS_Gg4YiUAzrp5F.hFwCwi_AHvgkyEEbNkUvXhpEmkV_F.Rr PoXgDU8K0IoWk5Q4nBO1vvsIa3op65DkNx9g6UBZELNNjiokYtKReIRZzIfu yZ9Ha3yNxj_YQjMycU1so_9sCcjZC5DRqEj2TpHRr9m_etkgXFREPVQlL_RD b7V.BE3hdbRtC1XG_qJctpl9dI0UsIEoYx3Lms4vvfEUWX2EKP9FoQvRaUAD beQ_SNGSKOh_2AwygjeZF4MZW1lwaxG5OB9aVm3yC4r9YZg66pfIX_DtfJK3 n22LFD9BynyXPvkxfR7TaPVChKtgaMmb8 X-Yahoo-SMTP: xcjD0guswBAZaPPIbxpWwLcp9Unf Message-ID: <55BA666D.7080709@FreeBSD.org> Date: Thu, 30 Jul 2015 13:01:17 -0500 From: Pedro Giffuni User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: freebsd-toolchain@FreeBSD.org Subject: [CFR] FORTIFY_SOURCE Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-toolchain@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Maintenance of FreeBSD's integrated toolchain List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Jul 2015 18:01:19 -0000 Dear developers; As part of this year's Google Summer of Code [1] Oliver Pinter and I have been working on implementing the FORTIFY_SOURCE libc extension. The idea, initially implemented in GNU libc is to use the gcc's __builtin_object_size to replace many common string functions with bounds checking variants, therefore limiting the possibility of buffer overflows. So far the implementation is basically finished and we merged elements of the from both NetBSD and bionic's libc. Our implementation is non-invasive and very effective; it works with both clang and gcc (tested with our base compilers). The code would initially be off by default and there are still some small issues to figure out but we would welcome wider review: https://reviews.freebsd.org/D3043 I will also be requesting and exp-run on the ports tree soon. [1] https://wiki.freebsd.org/SummerOfCode2015/FreeBSDLibcSecurityExtensions