From: Jeremie Le Hen
To: Bryan Drewery
Cc: freebsd-hackers@freebsd.org, jeremie@le-hen.org
Date: Thu, 15 Mar 2012 23:34:55 +0100
Subject: Re: compiling ports with SSP (was: [PATCH] Add -lssp_nonshared to GCC's LIB_SPEC unconditionally)

Hi Bryan,

On Sun, Feb 26, 2012 at 09:41:07PM -0600, Bryan Drewery wrote:
>
> Thanks for this patch [1]!
>
> I've been building my ports tree with -fstack-protector on FreeBSD 6, 7
> and 8. Once I upgraded to 8, I started running into the issue [2] this
> patch is fixing.
>
> I have a situation where non-ports applications are compiling
> statically, which ran into this. Specifically, the application is
> linking in security/openssl statically, which of course was compiled
> with -fstack-protector. Adding the /usr/lib/libc.ld fixed it without
> needing to hack at the failing non-port application.
>
> Would be nice if this, and PR 138228 were finally committed.
>
> Bryan Drewery
>
> [1] http://lists.freebsd.org/pipermail/freebsd-hackers/2011-June/035538.html
> [2] http://gcc.gnu.org/ml/gcc-help/2006-05/msg00092.html

Wow, the perspective provided by those two posts makes me dizzy. This
has been a very long-standing project. The base system is now compiled
with SSP, but doing so for ports still requires some manual hacking,
unfortunately.

I proposed a patch to compile ports with SSP a few years ago, but
some ports with special building strategies suffered the problem described
in [2]. Then I learned the possibilities of ld scripts and provided the
patch in [1] last year.

I think we have all the bits necessary to be able to compile ports with
SSP painlessly.

First, the patch in [1] has to be committed in the base system. I think
this can be done in CURRENT without any problem; I run it myself on my
own servers without problem. Unfortunately, it will probably never appear
in RELENG_9 because it may be deemed too dangerous to make such a change
in a stable branch. It would be nice to hear what kib@ and kan@ think
about this.

Next, the patch to bsd.port.mk in this PR [3] has to be applied to be
able to compile ports with SSP using a single knob. (Other patches
along with this one can be thrown away; they were required hacks back when
the libc ld script didn't exist.)

Then portmgr@ will naturally want to make a full port build with this
knob turned on to check, but last time I was told they had very few
resources and that this couldn't be scheduled in the next couple of
weeks, IIRC.

I admit the situation is partly my fault, because I did the fun
technical work but I didn't keep up with the "lobbying" part :). I
asked once or twice, without success, and then went to other subjects.

I would be really glad if we could proceed with this. FreeBSD-9.0 has
just been released; this is probably a good time to step forward.

[3] http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/138228

Cheers,
-- 
Jeremie Le Hen

Men are born free and equal. Later on, they're on their own.
    Jean Yanne