Date: Tue, 29 Nov 2016 11:22:00 +0200 From: Konstantin Belousov <kostikbel@gmail.com> To: Dewayne Geraghty <dewaynegeraghty@gmail.com> Cc: freebsd-stable stable <freebsd-stable@freebsd.org>, toolchain@freebsd.org Subject: Re: How to turn off SSP stack-protector on 11.0S Message-ID: <20161129092200.GU54029@kib.kiev.ua> In-Reply-To: <CAGnMC6oftf7%2B0CLyDWGDjh9y=3dTTpMDrS6%2BdB=%2BMBXQ6DKkPQ@mail.gmail.com> References: <CAGnMC6oftf7%2B0CLyDWGDjh9y=3dTTpMDrS6%2BdB=%2BMBXQ6DKkPQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Nov 29, 2016 at 12:32:28PM +1100, Dewayne Geraghty wrote: > Is WITHOUT_SSP actually honoured and is building a world and/or ports > without SSP possible? Advise/suggestions appreciated. > > Amongst the 9 different server configurations that we build/support, we've > been asked to build a machine dedicated to PROLOG use. (yes really). > > As such we're trying to turn off everything that isn't needed for this > particular server. For those concerned with security, it is an air-gap > machine receiving data via usb. > > We've built/installed 11.0S from source. Now we're building the custom > server. However, even with WITHOUT_SSP= in both /etc/make.conf and > /etc/src.conf, we come up against little issues like: > "can not find /usr/lib/libssp_nonshared.a" So, does your host have /usr/lib/libssp_nonshared.a ? How did you installed 11.0, and what does designator 11.0S above mean ? Easy way out is to claim that r307146 should help you, but I suspect that there is something more broken in your configuration or build/install method. > > An example: > Stage 2.3: build tools > ===> bin/csh (obj,build-tools) > grep 'ERR_' /usr/src/bin/csh/../../contrib/tcsh/sh.err.c | grep '^#define' > >> sh.err.h > cc -E -O2 -pipe -g0 -ggdb0 -DSTRIP_FBSDID -UDEBUGGING -UDEBUG > -DUSB_HAVE_DISABLE_ENUM -I. -I/usr/src/bin/csh > -I/usr/src/bin/csh/../../contrib/tcsh -D_PATH_TCSHELL='"/bin/csh"' -g > -std=gnu99 -Qunused-arguments > -I/usr/obj/prod/110001/D/K8/usr/src/tmp/legacy/usr/include > /usr/src/bin/csh/../../contrib/tcsh/tc.const.c > /usr/src/bin/csh/../../contrib/tcsh/sh.char.h /usr/src/bin/csh/config.h > /usr/src/bin/csh/../../contrib/tcsh/config_f.h > /usr/src/bin/csh/../../contrib/tcsh/sh.types.h sh.err.h -D_h_tc_const | > grep 'Char STR' | sed -e 's/Char \([a-zA-Z0-9_]*\)\(.*\)/extern Char > \1[];/' | sort >> tc.const.h > cc -o gethost -L/usr/obj/prod/110001/D/K8/usr/src/tmp/legacy/usr/lib -O2 > -pipe -g0 -ggdb0 -DSTRIP_FBSDID -UDEBUGGING -UDEBUG > -DUSB_HAVE_DISABLE_ENUM -I. -I/usr/src/bin/csh > -I/usr/src/bin/csh/../../contrib/tcsh -D_PATH_TCSHELL='"/bin/csh"' -g > -std=gnu99 -Qunused-arguments > -I/usr/obj/prod/110001/D/K8/usr/src/tmp/legacy/usr/include > /usr/src/bin/csh/../../contrib/tcsh/gethost.c > /usr/bin/ld: cannot find /usr/lib/libssp_nonshared.a > cc: error: linker command failed with exit code 1 (use -v to see invocation) > *** [gethost] Error code 1 > > Note the > /usr/bin/ld: cannot find /usr/lib/libssp_nonshared.a > > It seems that the linker is trying to use the above library during the > build of all static images/executables. P.S. Toolchain@ is the place where you more likely to get a useful feedback.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20161129092200.GU54029>