From nobody Sun Feb  6 22:15:19 2022
X-Original-To: freebsd-arch@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 1F85519B121F
	for <freebsd-arch@mlmmj.nyi.freebsd.org>; Sun,  6 Feb 2022 22:15:31 +0000 (UTC)
	(envelope-from kevans@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4JsNrM0NdKz3CyJ;
	Sun,  6 Feb 2022 22:15:31 +0000 (UTC)
	(envelope-from kevans@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1644185731;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=YH06QaQcre4fdDkPb0ZjxJ2iNwHkJa6bC8i4ZNUycMc=;
	b=myASYqhuW262CLwey6pE91XoIbaBJTMm5GtiXU8/G+5km6vbh/+hPGKUeOVf22G/V50SF7
	o2g+cjfoLU8n5HOMrZd6aZErz+3Ulqva8beij2HIEgrr7R/4qqI0CXqy9P1Sq4Pg6BuE9X
	bL3ImiT5TN5aPPjj+sDHdbAVLB/GTp4aomQy22vqreXsRzzdBq1mWqeByvAF8X55MyM8ey
	YTE+KGcUwak0CnhbDg5RAHvfcAt+vtQUUOFU8UHdv3rpYQ4SS+l+uQ8mSHeYmLe+Ra2tRd
	7YUOucfwZ1ahxMjAj8BXF7wiK4Mp8CaFg+rBW0ZcNfRzlwKOU8LPaFoCsHiSNg==
Received: from mail-qt1-f169.google.com (mail-qt1-f169.google.com [209.85.160.169])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	(Authenticated sender: kevans)
	by smtp.freebsd.org (Postfix) with ESMTPSA id DCD4625297;
	Sun,  6 Feb 2022 22:15:30 +0000 (UTC)
	(envelope-from kevans@freebsd.org)
Received: by mail-qt1-f169.google.com with SMTP id v5so10539573qto.7;
        Sun, 06 Feb 2022 14:15:30 -0800 (PST)
X-Gm-Message-State: AOAM533D2N2vhUboDVmbMgZ6onRR2IzumJHuVi6nGjDF2V7CJwrYpFUU
	Nuqv6WbL5IrZMPrQqzQGxlnDXouC21D2m3R83S0=
X-Google-Smtp-Source: ABdhPJw/SyvVSPh1lvhlv+KuHZy7bBEMCL0HBmfwxy+GEmE9cU6mPW7nlKb+gsYzzd3RBC6mb32gso8bNxgOH48hncU=
X-Received: by 2002:ac8:4b59:: with SMTP id e25mr6055359qts.444.1644185730439;
 Sun, 06 Feb 2022 14:15:30 -0800 (PST)
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-arch
List-Help: <mailto:freebsd-arch+help@freebsd.org>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Subscribe: <mailto:freebsd-arch+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-arch+unsubscribe@freebsd.org>
Sender: owner-freebsd-arch@freebsd.org
MIME-Version: 1.0
References: <CACNAnaGv9gQ77_d0xbnzEYHCgHskA3SbxqpmrOJak6GboAcDxw@mail.gmail.com>
In-Reply-To: <CACNAnaGv9gQ77_d0xbnzEYHCgHskA3SbxqpmrOJak6GboAcDxw@mail.gmail.com>
From: Kyle Evans <kevans@freebsd.org>
Date: Sun, 6 Feb 2022 16:15:19 -0600
X-Gmail-Original-Message-ID: <CACNAnaEzbRU9th5Qhn-0WqL1d7uvK9ic=0EAfJMmvLmCPdotKw@mail.gmail.com>
Message-ID: <CACNAnaEzbRU9th5Qhn-0WqL1d7uvK9ic=0EAfJMmvLmCPdotKw@mail.gmail.com>
Subject: Re: _FORTIFY_SOURCE Implementation
To: Kyle Evans <kevans@freebsd.org>
Cc: freebsd-arch@freebsd.org
Content-Type: text/plain; charset="UTF-8"
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1644185731;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=YH06QaQcre4fdDkPb0ZjxJ2iNwHkJa6bC8i4ZNUycMc=;
	b=hA8BcVx/Klgxemkwrbw3w2yQzcFx71/PLjV2zcDs8TsATbYgxYqB1yqFAkbS1D52CHtUGx
	a4nOd6tqJCUwYzkLyGDvOAECLj7vXiKg3lycXJnnHdVKfxqYKjbAmCEmDA2kQaZt/BT1CB
	UNoZnN7x4bS1w6Ebg4xzSwW621L10YZjvQpiZzmYUbELwjjQsCCkpmCPW5cdBA9yx/hzgt
	sfcjiqphE5hR/k92Wk6nKX+ViInYnaGsJ682bKtTmqJz1hRVbxBV9T7ybnd7eeoC+dEr7X
	ZNgdH0LWH2ZukjRA6Xd9qzaS53VWBO2txIb4tekG5Hh56nuilAEp9h00Wxh9bw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1644185731; a=rsa-sha256; cv=none;
	b=Qt2HnxvsbycaVifoG/uyc4V+W6aHFFbQKem5NOG/M1wFwnHR2MoAxaKZeApTKvXhGV1wSK
	IoSocz2GzMsp83VppJYgtvyJvfEjUV091y1riwu3IoKnC1xJQ+0RU80R0q8wR+9sNp4zE8
	3NX5NebIlKiA+xrcZyLgSwfpAtmfha/GVRkXsBJrR3Lx/U4VF6CTKCtbmLWK2ENWz3bsZm
	GEEzmx/kXr6Bv9SEJ4yGNrSq73awmLByfHpUPCNqqw0rmj2m8j3gKAaItaNpLcnlBxufWX
	bv243vSq+dyVbmykl6LLJntoc0UobQdG5md0eXiPnLbjuL3ZgmeJDhdmUbF6iQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

On Mon, Oct 4, 2021 at 11:01 PM Kyle Evans <kevans@freebsd.org> wrote:
>
> Hello!
>
> I've just created three reviews to import and enable the
> _FORTIFY_SOURCE implementation from NetBSD. For some light background,
> _FORTIFY_SOURCE attempts to detect some classes of buffer overflows.
>
> - https://reviews.freebsd.org/D32306 - Import _FORTIFY_SOURCE
> - https://reviews.freebsd.org/D32307 - Prepare for _FORTIFY_SOURCE
> - https://reviews.freebsd.org/D32308 - Enable it
>
> D32307 is perhaps the most interesting as it hacks around
> _FORTIFY_SOURCE redefinitions in libc. Other prerequisite work was
> needed to get this to build at all;`main` as of the bc 5.0.2 update
> (f774652b0e837b) is required.
>
> The last review enables it by default at FORTIFY_SOURCE=2, if building
> WITH_SSP (the default). It respects a "FORTIFY_SOURCE" make(1) var to
> indicate the level, so either user or a makefile can disable it as
> needed with FORTIFY_SOURCE=0.
>

Hi,

I'd forgotten about this patch set until some recent -Wfortify-source
fixes started going in; I think I'd addressed most of the feedback
months ago, and I've just finished addressing some feedback on the
manpages introduced. I'd like to maybe try and land this within the
next week or so.

Thanks,

Kyle Evans