Date: Tue, 13 Jun 2006 17:52:36 +0200 From: Jeremie Le Hen <jeremie@le-hen.org> To: "M. Warner Losh" <imp@bsdimp.com> Cc: keramida@ceid.upatras.gr, rip@overflow.no, drosih@rpi.edu, freebsd-current@freebsd.org Subject: Re: [fbsd] Re: [fbsd] Integrating ProPolice/SSP into FreeBSD Message-ID: <20060613155236.GL19457@obiwan.tataz.chchile.org> In-Reply-To: <20060610.001741.1021577364.imp@bsdimp.com> References: <4489DCAE.3070005@overflow.no> <20060609233148.GA88285@gothmog.pc> <p06230932c0afbc6f54dc@[128.113.24.47]> <20060610.001741.1021577364.imp@bsdimp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Thanks to everyone who gave me some feedback. On 2006-06-09 16:40, Chris <rip@overflow.no> wrote: > : > > : > > I'm using it successfuly with the stackp-gap and the random > : > > mmap on 6.1-RELEASE. No problems at all really :) Except > : > > that I want a nob for gcc to use the protection by default. > : > > We discussed this in another email. Chris, Yes, indeed. I forgot to keep you in touch as I had promised, nevertheless I have thought about it. When I started my patch back in 2005, I did have an option to use stack protector by default. However, this led to an heavy ratio of noise in the Makefiles, given the WITH_*/WITHOUT_* wasn't there yet in that time. If I add this now, I think it would be less intrusive than it was, but only for CURRENT. RELENG_6 still uses the old NO_* knobs, and this would be a mess like it has been in the past. Currently I am willing to maintain a patch for each branch. There is already a small gap between them and I really don't want to see it become wider. I could probably implement this stuff in CURRENT, but I am pretty sure this would lead to a non-negligible number of RELENG_6 users asking me why this hasn't been implemented for their branch. IOW, I think I should prevent from implementing this option for the moment, at least while RELENG_7 hasn't been branched. On Sat, Jun 10, 2006 at 12:17:41AM -0600, M. Warner Losh wrote: > In message: <p06230932c0afbc6f54dc@[128.113.24.47]> > Garance A Drosihn <drosih@rpi.edu> writes: > : At 2:31 AM +0300 6/10/06, Giorgos Keramidas wrote: > : >You can always use `/etc/make.conf' to set it globally, right? > : > : Not quite globally. That will only set it for programs > : whose makefiles .include /usr/share/mk/sys.mk . That's > : all of buildworld, but it wouldn't include programs that > : people are building on their own. > > Actually, all invocationso of make use /usr/share/mk/sys.mk. It is > global. And therefore /etc/make.conf is included for all Makefiles in > the system (except when one uses gmake :-). I wanted to use share/mk/sys.mk for a while because it was indeed read by make(1) upon each invocation, but meanwhile I was a little reluctant because the SSP stuff has really nothing to do with what was already living there. Finally, I decided to be as little intrusive as I could and modified bsd.sys.mk. Thus GCC would be merely SSP-ready for all applications. I added the required glue in Makefiles in order to make buildworld and (most) ports work without any pain, with the help of WITH(OUT)_SSP. It is up to the user to manage with the SSP flags if he uses gmake or BSD make without bsd.prog.mk, bsd.lib.mk or bsd.port.mk. (For pedantic people, I don't mean bsd.sys.mk is used for ports. Actually I created bsd.ssp.mk which is included in both bsd.sys.mk and bsd.port.mk.) Thank you. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060613155236.GL19457>