Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 6 Feb 2022 16:15:19 -0600
From:      Kyle Evans <kevans@freebsd.org>
To:        Kyle Evans <kevans@freebsd.org>
Cc:        freebsd-arch@freebsd.org
Subject:   Re: _FORTIFY_SOURCE Implementation
Message-ID:  <CACNAnaEzbRU9th5Qhn-0WqL1d7uvK9ic=0EAfJMmvLmCPdotKw@mail.gmail.com>
In-Reply-To: <CACNAnaGv9gQ77_d0xbnzEYHCgHskA3SbxqpmrOJak6GboAcDxw@mail.gmail.com>
References:  <CACNAnaGv9gQ77_d0xbnzEYHCgHskA3SbxqpmrOJak6GboAcDxw@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Oct 4, 2021 at 11:01 PM Kyle Evans <kevans@freebsd.org> wrote:
>
> Hello!
>
> I've just created three reviews to import and enable the
> _FORTIFY_SOURCE implementation from NetBSD. For some light background,
> _FORTIFY_SOURCE attempts to detect some classes of buffer overflows.
>
> - https://reviews.freebsd.org/D32306 - Import _FORTIFY_SOURCE
> - https://reviews.freebsd.org/D32307 - Prepare for _FORTIFY_SOURCE
> - https://reviews.freebsd.org/D32308 - Enable it
>
> D32307 is perhaps the most interesting as it hacks around
> _FORTIFY_SOURCE redefinitions in libc. Other prerequisite work was
> needed to get this to build at all;`main` as of the bc 5.0.2 update
> (f774652b0e837b) is required.
>
> The last review enables it by default at FORTIFY_SOURCE=2, if building
> WITH_SSP (the default). It respects a "FORTIFY_SOURCE" make(1) var to
> indicate the level, so either user or a makefile can disable it as
> needed with FORTIFY_SOURCE=0.
>

Hi,

I'd forgotten about this patch set until some recent -Wfortify-source
fixes started going in; I think I'd addressed most of the feedback
months ago, and I've just finished addressing some feedback on the
manpages introduced. I'd like to maybe try and land this within the
next week or so.

Thanks,

Kyle Evans



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACNAnaEzbRU9th5Qhn-0WqL1d7uvK9ic=0EAfJMmvLmCPdotKw>