From owner-freebsd-stable@freebsd.org  Tue Nov 29 01:32:59 2016
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 52177C5AEB5
 for <freebsd-stable@mailman.ysv.freebsd.org>;
 Tue, 29 Nov 2016 01:32:59 +0000 (UTC)
 (envelope-from dewaynegeraghty@gmail.com)
Received: from mail-io0-x22c.google.com (mail-io0-x22c.google.com
 [IPv6:2607:f8b0:4001:c06::22c])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 1DE5C1DBF
 for <freebsd-stable@freebsd.org>; Tue, 29 Nov 2016 01:32:59 +0000 (UTC)
 (envelope-from dewaynegeraghty@gmail.com)
Received: by mail-io0-x22c.google.com with SMTP id m5so126306373ioe.3
 for <freebsd-stable@freebsd.org>; Mon, 28 Nov 2016 17:32:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:from:date:message-id:subject:to;
 bh=JwMyNZrTNcqasqa+DlYydQRSGOOZejkHz73QH678Jj4=;
 b=vELLlvjTipx6bf986rz89qW7CBV8e6KBVA3LZPZeolM7qXpTPSqYugbOiLk/6KuY3e
 pLa0E9snWOYl3GWbsLncMmCh7fGhHDAvEvAKZ89T0KyQcUHq+doNtQtDbQiQb9404sXa
 aF202veChJmkhagxsUNrvvrguSCGAbzzsZd5CfGTtLAnJcFq3z39m3KmMqWiaL5XlYL4
 gZv4regF7RgukSGmcZW3QyXS9+PNZlxdCfZFF/hFGs9oUS9JZUGWCuLdLaUjyF2mbPYC
 XBgiSBZOeNuMgShXcKnOAxSN6YDsd/lrA9OR/GXba2DCHRKuFpeFA6vUM2FBE7CbiG4W
 NrJQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
 bh=JwMyNZrTNcqasqa+DlYydQRSGOOZejkHz73QH678Jj4=;
 b=TaMKkTObMxgDENKbopYTelPHRcK5KKch8jBikGJXhSAwy9G4mh8ZoNvvwL/k5vxO/x
 5DssvUmImFZSW15OkZ/cfGFJvSR6Lh5e2upnZSmg0nuqXe43DXwMugoZpLNEVAehzZBW
 J9tzWmC78vaZU3d2xMndSS2Do15Y0zUy+U3/OOrtTaMaD2vO/OKOLNAw+H1mNRZ1kT13
 y4wk1E7nY2SXsVCRrsQPnb4XV3GA4+p+L0ZQsOOEfHesEA7WqjIefLR4/WOjVRxRHX69
 aIFK59eKDWQDVhlf5fTBCGbCe7fdtEOREI/E4y+htGWdSy+gcSi1EjYw4Tw9GyRCI515
 szbg==
X-Gm-Message-State: AKaTC00AXzmZIWIsZe3adfjSJi6ypm5u7Lkh0jgdWX+Odn9sR9HMzalvFwhzc6r+SB9kqgA/JnUpcy1mto7Nxg==
X-Received: by 10.36.90.72 with SMTP id v69mr21269120ita.74.1480383178354;
 Mon, 28 Nov 2016 17:32:58 -0800 (PST)
MIME-Version: 1.0
Received: by 10.79.2.130 with HTTP; Mon, 28 Nov 2016 17:32:28 -0800 (PST)
From: Dewayne Geraghty <dewaynegeraghty@gmail.com>
Date: Tue, 29 Nov 2016 12:32:28 +1100
Message-ID: <CAGnMC6oftf7+0CLyDWGDjh9y=3dTTpMDrS6+dB=+MBXQ6DKkPQ@mail.gmail.com>
Subject: How to turn off SSP stack-protector on 11.0S
To: freebsd-stable stable <freebsd-stable@freebsd.org>
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.23
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Nov 2016 01:32:59 -0000

Is WITHOUT_SSP actually honoured and is building a world and/or ports
without SSP possible? Advise/suggestions appreciated.

Amongst the 9 different server configurations that we build/support, we've
been asked to build a machine dedicated to PROLOG use.  (yes really).

As such we're trying to turn off everything that isn't needed for this
particular server.  For those concerned with security, it is an air-gap
machine receiving data via usb.

We've built/installed 11.0S from source.  Now we're building the custom
server.  However, even with WITHOUT_SSP= in both /etc/make.conf and
/etc/src.conf, we come up against little issues like:
"can not find /usr/lib/libssp_nonshared.a"

An example:
Stage 2.3: build tools
===> bin/csh (obj,build-tools)
grep 'ERR_' /usr/src/bin/csh/../../contrib/tcsh/sh.err.c | grep '^#define'
>> sh.err.h
cc -E -O2 -pipe -g0 -ggdb0 -DSTRIP_FBSDID -UDEBUGGING -UDEBUG
-DUSB_HAVE_DISABLE_ENUM -I. -I/usr/src/bin/csh
-I/usr/src/bin/csh/../../contrib/tcsh -D_PATH_TCSHELL='"/bin/csh"' -g
-std=gnu99 -Qunused-arguments
-I/usr/obj/prod/110001/D/K8/usr/src/tmp/legacy/usr/include
/usr/src/bin/csh/../../contrib/tcsh/tc.const.c
/usr/src/bin/csh/../../contrib/tcsh/sh.char.h /usr/src/bin/csh/config.h
/usr/src/bin/csh/../../contrib/tcsh/config_f.h
/usr/src/bin/csh/../../contrib/tcsh/sh.types.h sh.err.h -D_h_tc_const |
grep 'Char STR' |  sed -e 's/Char \([a-zA-Z0-9_]*\)\(.*\)/extern Char
\1[];/' |  sort >> tc.const.h
cc -o gethost  -L/usr/obj/prod/110001/D/K8/usr/src/tmp/legacy/usr/lib -O2
-pipe -g0 -ggdb0 -DSTRIP_FBSDID  -UDEBUGGING -UDEBUG
-DUSB_HAVE_DISABLE_ENUM -I. -I/usr/src/bin/csh
-I/usr/src/bin/csh/../../contrib/tcsh -D_PATH_TCSHELL='"/bin/csh"' -g
-std=gnu99 -Qunused-arguments
-I/usr/obj/prod/110001/D/K8/usr/src/tmp/legacy/usr/include
/usr/src/bin/csh/../../contrib/tcsh/gethost.c
/usr/bin/ld: cannot find /usr/lib/libssp_nonshared.a
cc: error: linker command failed with exit code 1 (use -v to see invocation)
*** [gethost] Error code 1

Note the
/usr/bin/ld: cannot find /usr/lib/libssp_nonshared.a

It seems that the linker is trying to use the above library during the
build of all static images/executables.