From: Alexander Leidinger <Alexander@Leidinger.net>
To: Current FreeBSD (freebsd-current@freebsd.org)
Subject: Playing around with security hardening compiler flags
Date: Sun, 17 Nov 2024 16:30:34 +0100
Message-ID: <01a4b49d43860c30e480ec7cf5bd08f9@Leidinger.net>
List-Archive: https://lists.freebsd.org/archives/freebsd-current

Hi,

after reading

https://security.googleblog.com/2024/11/retrofitting-spatial-safety-to-hundreds.html
https://libcxx.llvm.org/Hardening.html
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html

I played around a bit with some of the flags there (in CFLAGS).

What doesn't work:
- -fstrict-flex-arrays=3 (variable array issue in IIRC a tool for ath)
- -fstrict-flex-arrays=2 (issue in another area, haven't checked further)

What works and results in a world+kernel which is able to boot:
- -D_GLIBCXX_ASSERTIONS
- -fstrict-flex-arrays=1
- -fstack-clash-protection
- -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE

Does someone have any reason / argument why some of those shouldn't be used when building FreeBSD? Should something like this be optional, and if yes, enabled by default, or disabled by default?

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF
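The first thing a reader will want to do with a list like the one above is find out which of those options their own toolchain even knows about. The POSIX shell script below is an added example (it is not from Alexander's post and not part of the FreeBSD build system); it assumes a C compiler reachable as $CC (defaulting to cc) that understands -Werror and -fsyntax-only, which holds for clang and gcc. It only tests whether the compiler accepts an option, which is a weaker statement than "the tree builds with it": as the post shows, -fstrict-flex-arrays=2 and =3 are accepted but break parts of the build.

```shell
#!/bin/sh
# Probe which hardening flags the local C compiler accepts.
# Added example, not code from the mailing-list post or the FreeBSD tree.
# Assumption: $CC (default cc) is clang or gcc, understanding -Werror and
# -fsyntax-only.

CC="${CC:-cc}"

# probe_flag FLAG [FLAG...]
# Compile a trivial translation unit with the given flags; return 0 if the
# compiler accepts them, 1 otherwise. -Werror matters: clang reports some
# unsupported options only as a warning, and without -Werror the probe
# would count those as accepted.
probe_flag() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/flagprobe.XXXXXX") || return 1
    printf 'int main(void) { return 0; }\n' > "$dir/probe.c"
    if "$CC" -Werror -fsyntax-only "$@" "$dir/probe.c" >/dev/null 2>&1; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$dir"
    return "$rc"
}

# report_flags FLAG...
# Print one line per flag saying whether the compiler accepted it, and
# return the number of rejected flags (a handful at most, so the 8-bit
# exit status is not a concern).
report_flags() {
    rejected=0
    for flag in "$@"; do
        if probe_flag "$flag"; then
            printf 'accepted: %s\n' "$flag"
        else
            printf 'rejected: %s\n' "$flag"
            rejected=$((rejected + 1))
        fi
    done
    return "$rejected"
}

# The flags the post tried. "accepted" here means only that the compiler
# knows the option; whether world and kernel still build with it is a
# separate question that only a real buildworld answers.
report_flags \
    -fstrict-flex-arrays=1 -fstrict-flex-arrays=2 -fstrict-flex-arrays=3 \
    -fstack-clash-protection \
    -D_GLIBCXX_ASSERTIONS \
    -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE \
    || rejected_count=$?
```

Run it with CC=clang or CC=gcc to compare toolchains; the -D options are always accepted because they are plain preprocessor defines, so for those the interesting check is the libstdc++ or libc++ version rather than the compiler.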