From: Bryan Drewery
Organization: FreeBSD
Date: Wed, 20 Aug 2014 14:40:05 -0500
To: Matthias Andree, ports-list freebsd
Subject: Re: [CFT] SSP Package Repository available
Message-ID: <53F4F995.2050308@FreeBSD.org>
In-Reply-To: <53F4F663.7070507@FreeBSD.org>

On 8/20/2014 2:26 PM, Matthias Andree wrote:
> On 20.08.2014 at 18:34, Bryan Drewery wrote:
>
>> We have not had any feedback on this yet and want to get it enabled by
>> default for ports and packages.
>
> Oops. Sorry about being silent about that;
> I did enable WITH_SSP_PORTS=yes right after the original announcement on
> my main 9.3-amd64 development machine (run mostly headless, but it does
> have a full GNOME2 install) without ill effects, so at least it does not
> appear to jam everything right away, and given that Fedora is using it
> and they are rather talkative to upstreams about bugs, you'd think most
> packages that have issues are fixed now.

Yeah I am sure it will largely be fine as well.
I just worry about some sloppy coding breaking some popular port, or some
clever hack that results in crashing with SSP. I also have this vague
worry that something might break if the system is half using SSP. Given
the linker script on 10 (cat /usr/lib/libc.so) though I think it is
definitely safe there.

Given the feedback already I am confident we'll enable it by default in a
few weeks. Too much moving right now to do it now though. This will also
free up a lot of resources for other package building opportunities.

>
>
> Is there any way we can detect the effects of -fstack-protector from the
> resulting executable, with peeking at objdump output? Like so:
>
> $ objdump -R /usr/local/bin/twolame | grep stack_chk
> 0000000000605ce0 R_X86_64_COPY     __stack_chk_guard
> 00000000006053b0 R_X86_64_JUMP_SLOT   __stack_chk_fail
>
> Should we have stage-qa - at least in DEVELOPER=yes WITH_SSP_PORTS=yes
> mode - check that either -fstack-protector{,-all,-strong} actually
> propagated through the build system?

I like that idea for a warning. We would have to ensure only ELF files
are checked and probably exp-run it to avoid other false-positives.

--
Regards,
Bryan Drewery
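
The check discussed in this thread, sketched as an added example (not code from the FreeBSD ports tree or from either poster): it filters on the ELF magic first, then reads `.dynsym` directly instead of calling `objdump -R`. It assumes ELF64 little-endian (amd64) input; `dynamic_symbols`, `ssp_status` and `build_sample_elf` are hypothetical names, and the sample images are constructed.

```python
import struct

SHDR = "<IIQQQQIIQQ"   # Elf64_Shdr: name,type,flags,addr,offset,size,link,info,align,entsize
SHT_STRTAB, SHT_DYNSYM = 3, 11

def dynamic_symbols(data):
    """Names in .dynsym of an ELF64 little-endian image; None for anything else."""
    if data[:6] != b"\x7fELF\x02\x01":        # magic, ELFCLASS64, ELFDATA2LSB
        return None                            # scripts, data files, other ELF classes
    try:
        shoff, = struct.unpack_from("<Q", data, 0x28)
        shentsize, shnum = struct.unpack_from("<HH", data, 0x3A)
        secs = [struct.unpack_from(SHDR, data, shoff + i * shentsize) for i in range(shnum)]
        names = set()
        for sec in (s for s in secs if s[1] == SHT_DYNSYM):
            str_off = secs[sec[6]][4]          # sh_link -> file offset of .dynstr
            for pos in range(sec[4], sec[4] + sec[5], 24):   # 24 = sizeof(Elf64_Sym)
                st_name, = struct.unpack_from("<I", data, pos)
                start = str_off + st_name
                names.add(data[start:data.index(b"\0", start)].decode("ascii", "replace"))
        return names
    except (struct.error, IndexError, ValueError):
        return None                            # truncated or malformed: do not warn on it

def ssp_status(data):
    """'skip' = not a checkable ELF, 'ssp' = references __stack_chk_*, 'warn' = none found."""
    names = dynamic_symbols(data)
    if names is None:
        return "skip"
    return "ssp" if any(n.startswith("__stack_chk_") for n in names) else "warn"

def build_sample_elf(symbols):
    """Constructed sample: ELF64 header, .dynstr, .dynsym and three section headers only."""
    strtab, syms = b"\0", bytes(24)            # leading NUL string and null symbol
    for name in symbols:
        syms += struct.pack("<IBBHQQ", len(strtab), 0x12, 0, 0, 0, 0)
        strtab += name.encode() + b"\0"
    str_off, sym_off = 64, 64 + len(strtab)
    shoff = sym_off + len(syms)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 0)
    shdrs = bytes(64) + struct.pack(SHDR, 0, SHT_STRTAB, 0, 0, str_off, len(strtab), 0, 0, 1, 0)
    shdrs += struct.pack(SHDR, 0, SHT_DYNSYM, 0, 0, sym_off, len(syms), 1, 1, 8, 24)
    return ehdr + strtab + syms + shdrs

if __name__ == "__main__":
    samples = {"with-ssp": build_sample_elf(["puts", "__stack_chk_fail", "__stack_chk_guard"]),
               "no-ssp": build_sample_elf(["puts"]),
               "script": b"#!/bin/sh\necho hi\n"}
    for label, blob in samples.items():
        print(label, ssp_status(blob))
```

A "warn" result is only a hint: plain -fstack-protector instruments just the functions that have qualifying buffers, so an ELF file built with the flag can legitimately carry no `__stack_chk_*` reference.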