Date: Wed, 20 Aug 2014 14:40:05 -0500 From: Bryan Drewery <bdrewery@FreeBSD.org> To: Matthias Andree <mandree@FreeBSD.org>, ports-list freebsd <freebsd-ports@freebsd.org> Subject: Re: [CFT] SSP Package Repository available Message-ID: <53F4F995.2050308@FreeBSD.org> In-Reply-To: <53F4F663.7070507@FreeBSD.org> References: <523D79CD.2090302@FreeBSD.org> <53F4CE0E.8040106@FreeBSD.org> <53F4F663.7070507@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --SuAtXXodTxVrqrE62Q5CsQdtcvr2xVtD8 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 8/20/2014 2:26 PM, Matthias Andree wrote: > Am 20.08.2014 um 18:34 schrieb Bryan Drewery: >=20 >> We have not had any feedback on this yet and want to get it enabled by= >> default for ports and packages. >=20 > Oops. Sorry about being silent about that; > I did enable WITH_SSP_PORTS=3Dyes right after the original announcement= on > my main 9.3-amd64 development machine (run mostly headless, but it does= > have a full GNOME2 install) without ill effects, so at least it does no= t > appear to jam everything right away, and given that Fedora is using it > and they are rather talkative to upstreams about bugs, you'd think most= > packages that have issues are fixed now. Yeah I am sure it will largely be fine as well. I just worry about some sloppy coding breaking some popular port, or some clever hack that results in crashing with SSP. I also have this vague worry that something might break if the system is half using SSP. Given the linker script on 10 (cat cat /usr/lib/libc.so) though I think it is definitely safe there. Given the feedback already I am confident we'll enable it by default in a few weeks. Too much moving right now to do it now though. This will also free up a lot of resources for other package building opportunities. >=20 >=20 > Is there any way we can detect the effects of -fstack-protector from th= e > resulting executable, with peeking at objdump output? Like so: >=20 > $ objdump -R /usr/local/bin/twolame | grep stack_chk > 0000000000605ce0 R_X86_64_COPY __stack_chk_guard > 00000000006053b0 R_X86_64_JUMP_SLOT __stack_chk_fail >=20 > Should we have stage-qa - at least in DEVELOPER=3Dyes WITH_SSP_PORTS=3D= yes > mode - check that either -fstack-protector{,-all,-strong} actually > propagated through the build system? I like that idea for a warning. We would have to ensure only ELF files are checked and probably exp-run it to avoid other false-positives. --=20 Regards, Bryan Drewery --SuAtXXodTxVrqrE62Q5CsQdtcvr2xVtD8 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iQEcBAEBAgAGBQJT9PmVAAoJEDXXcbtuRpfP3NUH/1S6imxwXMj0vnVDqvUqv9GD OF7v7eJcNmR+U3sJIphOHNJRrrvGxT0fKAYG7f1FtaOhGfmkoIb9pl4SdE31FN9v bIeOTs1Xix5FAsICE4m16Atf6daqivJzSWmq6PyBYBItLW8P+L8IV60jKdgrjRss lvocSyI/Z1Tf7I4+UNcB2dhPcaANpz8qsGnHaKiNcrXoCwM4mn5dTgpc27E7UvFC qeYdkRcQayCoTjOe9ssD/PwnCZrxUh5swop2FeYzfsVy4S1Zuc/4h8tS+0MMrK7F tNFciRONGT9MnzrYqmkOP/8SCo1Avb4JbBVVo0J+1OsgBoLU2y6qbMao8K5bjKk= =aEBj -----END PGP SIGNATURE----- --SuAtXXodTxVrqrE62Q5CsQdtcvr2xVtD8--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53F4F995.2050308>