From owner-freebsd-hackers@FreeBSD.ORG  Sun May 27 18:15:11 2012
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 6E33A106566C
	for <freebsd-hackers@FreeBSD.org>; Sun, 27 May 2012 18:15:11 +0000 (UTC)
	(envelope-from rflynn@acsalaska.net)
Received: from mailhub.rachie.is-a-geek.net (rachie.is-a-geek.net
	[66.230.99.27]) by mx1.freebsd.org (Postfix) with ESMTP id 40AD58FC19
	for <freebsd-hackers@FreeBSD.org>; Sun, 27 May 2012 18:15:11 +0000 (UTC)
Received: from [127.0.0.1] (squeeze.lan.rachie.is-a-geek.net [192.168.2.30])
	by mailhub.rachie.is-a-geek.net (Postfix) with ESMTP id A738F7E874
	for <freebsd-hackers@FreeBSD.org>;
	Sun, 27 May 2012 10:15:04 -0800 (AKDT)
Message-ID: <4FC26F26.6000907@acsalaska.net>
Date: Sun, 27 May 2012 20:15:02 +0200
From: Mel Flynn <rflynn@acsalaska.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
	rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: FreeBSD Hackers <freebsd-hackers@FreeBSD.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: 
Subject: Activating libssp
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 27 May 2012 18:15:11 -0000

Hi,

for a port, I'm seeing:
#ifdef _FORTIFY_SOURCE
...
#endif

I did a bit of reading (http://wiki.debian.org/Hardening) for example,
searching through /usr/share/mk/* /usr/include/libssp, /usr/src/gnu/libssp.

However, it's not clear to me, where the magic is that pulls in the
libssp library that is in /lib.
Also - it seems to be part of gcc, so does that mean on systems without
gcc, that this library is not available or does clang have a variant?

I do see -fstack-protector is added to CFLAGS by default, so I'm
thinking there's some magic somewhere, but I'm just missing the docs
that tell me "if you add foo to CFLAGS then bar will happen, unless baz".
-- 
Mel