From: Tomoaki AOKI
To: Shawn Webb
Cc: Cy Schubert, Kyle Evans, freebsd-hackers@FreeBSD.org
Subject: Re: Initial implementation of _FORTIFY_SOURCE
Date: Tue, 14 May 2024 08:05:17 +0900
Message-Id: <20240514080517.36f218aa3a054aa2cba99b0d@dec.sakura.ne.jp>
References: <20240513180924.29C872B4@slippy.cwsent.com>
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
On Mon, 13 May 2024 18:57:26 +0000
Shawn Webb wrote:

> On Mon, May 13, 2024 at 11:09:24AM -0700, Cy Schubert wrote:
> > In message , Kyle Evans writes:
> > > Hi,
> > >
> > > As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've imported
> > > an initial version of FORTIFY_SOURCE from FreeBSD. FORTIFY_SOURCE is an
> > > improvement over classical SSP, doing compiler-aided checking of stack
> > > object sizes to detect more fine-grained stack overflow without relying
> > > on the randomized stack canary just past the stack frame.
> > >
> > > This implementation is not yet complete, but we've done a review of
> > > useful functions and syscalls to add checked variants of and intend to
> > > complete the implementation over the next month or so.
> > >
> > > Please test _FORTIFY_SOURCE out now by setting FORTIFY_SOURCE=2 in the
> > > buildworld env -- I intend to flip the default to 2 when WITH_SSP is set
> > > in the next month if nobody complains about serious breakage. I've
> > > personally been rolling with FORTIFY_SOURCE=2 for the last three years
> > > that this has been sitting in a local branch, so I don't really
> > > anticipate any super-fundamental breakage.
> >
> > Should this trigger a __FreeBSD_version bump?
>
> I would encourage that so to help the ports tree determine
> availability of the import.

If it can be enabled/disabled with sysctls/tunables on runtime/boottime,
bump should be preferred. Maybe this isn't yet the case here, IIUC.

But if it could be done only on build time with WITH_ or WITHOUT_ knob and
not yet enabled by default for now, now isn't the time to bump.
Bump should be done when it becomes built by default.

Bump for non-default build time knob should force poudriere[-devel] users
massive unneeded rebuilds. So should be avoided, if it still cannot switch
on boot or runtime.

> Additionally, I've enabled _FORTIFY_SOURCE in HardenedBSD base[1] and
> ports[2]. For base, it's only set (and to 2 by default) when MK_SSP is
> set to yes. In ports, it's set by default except for ports that have
> "kmod" in their USES.
>
> Are there any plans to support _FORTIFY_SOURCE in the kernel?
>
> [1]: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/927fd28755da27c5dd2b1b0d0396c93db585f933
> [2]: https://git.hardenedbsd.org/hardenedbsd/ports/-/commit/3d7dcd284ce3083103edd6b28b3d232abbfeaa63
>
> Thanks,
>
> --
> Shawn Webb
> Cofounder / Security Engineer
> HardenedBSD
>
> Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
> https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc

--
Tomoaki AOKI
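The mechanism Kyle Evans describes in the quoted message (the compiler tells libc how large the destination object is, and the checked variant of the function refuses a copy that would exceed it) in a small working form. This is an added example, not code from the thread and not the FreeBSD, NetBSD or HardenedBSD implementation: `checked_memcpy` and `CHECKED_MEMCPY` are hypothetical names standing in for libc's `__memcpy_chk`-style helper and the fortified `memcpy` wrapper, the example assumes a gcc or clang compiler that provides `__builtin_object_size`, and it returns a verdict instead of aborting so the result can be inspected.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the __memcpy_chk-style helper a fortified
 * memcpy() expands to.  dst_size is what the compiler learned about the
 * destination object at compile time, or SIZE_MAX when it could not tell.
 * Returns 0 when the copy was performed and -1 when it was refused because
 * len exceeds the known destination size (a real implementation aborts
 * instead of returning, so the overflow never reaches memory). */
int checked_memcpy(void *dst, const void *src, size_t len, size_t dst_size)
{
    if (dst_size != SIZE_MAX && len > dst_size)
        return -1;              /* would overrun dst: refuse the copy */
    memcpy(dst, src, len);
    return 0;
}

/* Hypothetical fortified wrapper: the compiler supplies the destination
 * size through __builtin_object_size (type 0 = size of the whole enclosing
 * object, (size_t)-1 when unknown). */
#define CHECKED_MEMCPY(dst, src, len) \
    checked_memcpy((dst), (src), (len), __builtin_object_size((dst), 0))

/* Reports whether this compiler/optimisation level can size a 16-byte
 * stack array at compile time; gcc generally needs -O1 or higher. */
int stack_object_size_known(void)
{
    char buf[16];
    size_t sz = __builtin_object_size(buf, 0);
    (void)buf;
    return sz != (size_t)-1;
}

/* Copies len bytes of constructed sample data into a 16-byte stack buffer
 * through the checked wrapper and returns the check's verdict. */
int copy_into_stack_buffer(size_t len)
{
    char buf[16];
    char payload[64];
    memset(payload, 'A', sizeof payload);   /* constructed input */
    int rc = CHECKED_MEMCPY(buf, payload, len);
    (void)buf;
    return rc;
}

int main(void)
{
    printf("stack object size known to compiler: %s\n",
           stack_object_size_known() ? "yes" : "no");
    printf("copy of 16 bytes into 16-byte buffer: %d\n",
           copy_into_stack_buffer(16));
    if (stack_object_size_known())
        printf("copy of 32 bytes into 16-byte buffer: %d\n",
               copy_into_stack_buffer(32));
    return 0;
}
```

The explicit-size helper behaves the same everywhere; whether the wrapper macro catches the oversized copy depends on the compiler knowing the object size, which is why the message ties the feature to compiler support and why the stand-alone run only attempts the 32-byte copy when that size is known.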