Date: Wed, 20 Aug 2014 19:20:23 +0200
From: Mark Martinec <Mark.Martinec+freebsd@ijs.si>
To: Ports FreeBSD <freebsd-ports@freebsd.org>
Subject: Re: [CFT] SSP Package Repository available
Message-ID: <34632ff93c04551e334a659512a728a9@mailbox.ijs.si>
In-Reply-To: <53F4CE0E.8040106@FreeBSD.org>
References: <523D79CD.2090302@FreeBSD.org> <53F4CE0E.8040106@FreeBSD.org>

2014-08-20 18:34 Bryan Drewery wrote:
> On 9/21/2013 5:49 AM, Bryan Drewery wrote:
>> Ports now support enabling Stack Protector [1] support on FreeBSD 10
>> i386 and amd64, and older releases on amd64 only currently.
>>
>> Support may be added for earlier i386 releases once all ports properly
>> respect LDFLAGS.
>>
>> To enable, just add WITH_SSP=yes to your make.conf and rebuild all
>> ports.
>>
>> The default SSP_CFLAGS is -fstack-protector, but -fstack-protector-all
>> may optionally be set instead.
>>
>> Please help test this on your system. We would like to eventually enable
>> this by default, but need to identify any major ports that have run-time
>> issues due to it.
>>
>> [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection
>>
>
> We have not had any feedback on this yet and want to get it enabled by
> default for ports and packages.
>
> We now have a repository that you can use rather than the default to
> help test. We need your help to identify any issues before switching the
> default.
>
> This repository is available for:
>
>   head
>   10.0
>   9.1,9.2,9.3
>
> It is not available for 8.4. If someone is willing to test on 8.4 I will
> build a repository for it.
>
> Place this in /usr/local/etc/pkgs/repos/FreeBSD_ssp.conf:
>
>   FreeBSD: { enabled: no }
>   FreeBSD_ssp: {
>     url: "pkg+http://pkg.FreeBSD.org/${ABI}/ssp",
>     mirror_type: "srv",
>     signature_type: "fingerprints",
>     fingerprints: "/usr/share/keys/pkg",
>     enabled: yes
>   }
>
> Once that is done you should force reinstall packages from this
> repository:
>
>   pkg update
>   pkg upgrade -f
>
> Thanks for your help!
> Bryan Drewery
> On behalf of portmgr.

I'm building about 2000 ports for our 10.0 servers and workstations
using poudriere since the 10.0 release, using WITH_SSP_PORTS=yes
in poudriere's make.conf. I suppose the WITH_SSP_PORTS=yes is
equivalent to WITH_SSP=yes but limited to ports (not sure where
I got this setting, must have been some announcement).

So far I haven't come across any ill effects that I could
attribute to SSP.

Mark
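
Added example, not part of the original message or of the ports framework: a small sh script to check, after reinstalling from the SSP repository, which installed ELF files reference the stack-protector runtime symbols. It assumes readelf is on the PATH; the script name ssp-check.sh, the function names and the sample symbol lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original message): list which ELF files
# reference the stack-protector runtime symbols.
# Usage (hypothetical script name): sh ssp-check.sh /usr/local/bin/*

# Constructed sample lines in `readelf -Ws` format, for reference and testing.
SAMPLE_SSP='  5: 0000000000000000  0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@FBSD_1.0 (2)'
SAMPLE_PLAIN='  7: 0000000000000000  0 FUNC GLOBAL DEFAULT UND printf@FBSD_1.0 (2)'

# Read a symbol listing on stdin; print "ssp" if it references the canary
# failure handler or guard, otherwise "no-ssp-ref".
classify_symbols() {
    if grep -Eq '(^|[[:space:]])__stack_chk_(fail|fail_local|guard)(@|[[:space:]]|$)'; then
        echo ssp
    else
        echo no-ssp-ref
    fi
}

# Print the classification for one file; return 2 if it is not an ELF object.
check_file() {
    magic=$(head -c 4 "$1" 2>/dev/null | od -An -c | tr -d ' \n')
    [ "$magic" = '177ELF' ] || return 2
    readelf -Ws "$1" 2>/dev/null | classify_symbols
}

for f in "$@"; do
    status=$(check_file "$f") || continue   # skip scripts and data files
    printf '%s\t%s\n' "$status" "$f"
done
```

A no-ssp-ref result does not prove a port ignored the flag: -fstack-protector only instruments functions the compiler considers at risk, such as those with character arrays, so a binary without any has no reference, while -fstack-protector-all instruments every function.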