Date:      Sun, 19 May 2024 02:17:34 +0000
From:      Shawn Webb <shawn.webb@hardenedbsd.org>
To:        Kyle Evans <kevans@freebsd.org>
Cc:        Pedro Giffuni <pfg@freebsd.org>,  "src-committers@freebsd.org" <src-committers@freebsd.org>,  "dev-commits-src-all@freebsd.org" <dev-commits-src-all@freebsd.org>,  "dev-commits-src-main@freebsd.org" <dev-commits-src-main@freebsd.org>
Subject:   Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD
Message-ID:  <sz62yrsddrrztzhxbuntzfsgumigfbgy46uwrbfvkxtgrvjxmo@5mqm3jglrjgk>
In-Reply-To: <6276b721-6c7b-41cd-9d1b-4169e86ec5e9@FreeBSD.org>
References:  <02326b5e-a1fe-4411-a869-d21f9a76130c@email.android.com> <999469960.1638478.1716080957814@mail.yahoo.com> <6276b721-6c7b-41cd-9d1b-4169e86ec5e9@FreeBSD.org>

On Sat, May 18, 2024 at 09:08:48PM -0500, Kyle Evans wrote:
>
>
> On 5/18/24 20:09, Pedro Giffuni wrote:
> > (sorry for top posting .. my mailer just sucks)
> > Hi;
> >
> > I used to like the limited static checking FORTIFY_SOURCE provides and
> > when I ran it over FreeBSD it did find a couple of minor issues. It only
> > works for GCC though.
> >
>
> I don't think this is particularly true anymore; I haven't found a case yet
> where __builtin_object_size(3) doesn't give me the correct size while GCC
> did.  I'd welcome counter-examples here, though -- we have funding to both
> finish the project (widen the _FORTIFY_SOURCE net to more of libc/libsys)
> and add tests to demonstrate that it's both functional and correct.  It
> would be useful to also document deficiencies in the tests.
>
> > I guess it doesn't really hurt to have FORTIFY_SOURCE around and NetBSD
> > had the least intrusive implementation the last time I checked but I
> > would certainly request it should never be activated by default,
> > especially with clang. The GCC version has seen more development on glibc
> > but I still think it's a dead end.
> >
>
> I don't see a compelling reason to avoid enabling it by default; see above,
> the functionality that we need in clang appears to be just fine (and, iirc,
> was also fine when I checked at the beginning of working on this in 2021)
> and it provides useful
>
> > What I would like to see working on FreeBSD is SafeStack as a
> > replacement for the stack protector, which we were so very slow to adopt
> > even when it was originally developed in FreeBSD. I think other projects
> > based on FreeBSD (Chimera and HardenedBSD) have been using it but I
> > don't know the details.
> >
>
> No comment there, though I think Shawn Webb / HardenedBSD had been playing
> around with SafeStack (and might have enabled it? I haven't actually looked
> in a while now).

HardenedBSD has enabled SafeStack for userland applications and base
and a few ports. HardenedBSD uses -fstack-protector-all. I don't see
_FORTIFY_SOURCE, SafeStack, and SSP as mutually exclusive. In fact, I
view all three as complementary.

_FORTIFY_SOURCE can have a much wider reach than SafeStack at the
moment. SafeStack cannot be applied to shared objects, only
dynamically-loaded executables (ELF ET_DYN and ET_EXEC). SafeStack
relies on both ASLR and W^X for efficacy. SafeStack cannot be used
with setjmp/longjmp.

I would like to see SafeStack reach completion and have made attempts
in the past to help push the needle in that direction. We need
explicit support in the RTLD and libc in order to apply it to
libraries. Additionally, we would like to apply it to
statically-linked binaries.

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
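
The check the quoted discussion turns on, as an added example that is not code from this thread or from the FreeBSD/NetBSD implementation: a fortified wrapper asks the compiler for the destination's size with `__builtin_object_size` at the call site and refuses a copy that exceeds it. `struct record`, `checked_copy` and the `COPY_*` macros are hypothetical names, and the sample object is constructed; the two modes show how the answer changes between "bytes left in the enclosing object" and "bytes in this member".

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for illustration; not the FreeBSD/NetBSD ssp headers. */
#define BOS_UNKNOWN ((size_t)-1)

struct record {
	char name[8];
	char note[24];
};
static struct record rec;	/* constructed sample object */

/* Returns 0 after copying, -1 if the copy would overrun dstsize. */
static int
checked_copy(void *dst, const void *src, size_t len, size_t dstsize)
{
	/* BOS_UNKNOWN: the compiler could not determine a size, so no check. */
	if (dstsize != BOS_UNKNOWN && len > dstsize)
		return (-1);	/* a fortified libc aborts here instead */
	memcpy(dst, src, len);
	return (0);
}

/* The size is taken at the call site, where the destination's type is visible. */
#define COPY_WHOLE(dst, src, len) \
	checked_copy((dst), (src), (len), __builtin_object_size((dst), 0))
#define COPY_MEMBER(dst, src, len) \
	checked_copy((dst), (src), (len), __builtin_object_size((dst), 1))

size_t name_size_whole(void)  { return (__builtin_object_size(rec.name, 0)); }
size_t name_size_member(void) { return (__builtin_object_size(rec.name, 1)); }

/* 12 bytes fit in the 32 bytes left in rec, but not in the 8-byte member. */
int copy12_whole(void)  { return (COPY_WHOLE(rec.name, "0123456789A", 12)); }
int copy12_member(void) { return (COPY_MEMBER(rec.name, "0123456789A", 12)); }

int
main(void)
{
	printf("whole=%zu member=%zu\n", name_size_whole(), name_size_member());
	printf("copy12: whole=%d member=%d\n", copy12_whole(), copy12_member());
	return (0);
}
```

Building this with both clang and GCC and comparing the two printed sizes is a quick way to look for the kind of compiler disagreement the quoted text asks counter-examples for.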
