Date: Mon, 28 May 2012 23:22:36 +0200
From: Jeremie Le Hen
To: Mel Flynn
Cc: FreeBSD Hackers
Subject: Re: Activating libssp

Hi Mel,

On Sun, May 27, 2012 at 08:15:02PM +0200, Mel Flynn wrote:
> Hi,
>
> for a port, I'm seeing:
> #ifdef _FORTIFY_SOURCE
> ...
> #endif
>
> I did a bit of reading (http://wiki.debian.org/Hardening) for example,
> searching through /usr/share/mk/* /usr/include/libssp, /usr/src/gnu/libssp.
>
> However, it's not clear to me, where the magic is that pulls in the
> libssp library that is in /lib.
>
> Also - it seems to be part of gcc, so does that mean on systems without
> gcc, that this library is not available or does clang have a variant?

gnu/lib/libssp is built for compatibility reasons.  See
http://svnweb.freebsd.org/base?view=revision&revision=169718

Our libc provides the necessary symbols.
http://svnweb.freebsd.org/base/head/lib/libc/sys/stack_protector.c

> I do see -fstack-protector is added to CFLAGS by default, so I'm
> thinking there's some magic somewhere, but I'm just missing the docs
> that tell me "if you add foo to CFLAGS then bar will happen, unless baz".

I'm not sure what you mean, but -fstack-protector is documented in GCC
documentation, I suppose it's the same for Clang but I didn't check.

You can disable it on FreeBSD by setting WITHOUT_SSP in src.conf(5).

-- 
Jeremie Le Hen

Men are born free and equal.  Later on, they're on their own.
				Jean Yanne
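
The check that -fstack-protector compiles into a function, modelled in portable C as an added example (not code from this thread or from FreeBSD's libc). model_guard and model_chk_fail are hypothetical stand-ins for the guard value and failure handler (__stack_chk_guard, __stack_chk_fail) that libc supplies; the input string is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the two symbols libc provides. The real guard
 * is randomised at process start and the real handler aborts the process;
 * this model uses a constructed constant and only counts failures. */
static unsigned long model_guard = 0x5a17c0deUL;
static int model_fail_count;
static void model_chk_fail(void) { model_fail_count++; }

/* Model of a protected frame: the canary sits just past the local buffer,
 * where a linear overflow reaches it before the saved return address. */
struct frame {
    char buf[16];
    unsigned long canary;
};

/* Constructed sample input, longer than the whole frame. */
static const char sample_input[] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

/* Copy n bytes into the frame the way an unchecked copy would, then run the
 * epilogue check. Returns 0 if the canary is intact, -1 if it was smashed.
 * n is clamped to sizeof(struct frame) so the model stays in bounds. */
int guarded_copy(const void *src, size_t n)
{
    struct frame f;
    f.canary = model_guard;           /* prologue: stash the guard value */
    memset(f.buf, 0, sizeof f.buf);
    if (n > sizeof f)
        n = sizeof f;
    memcpy(&f, src, n);               /* n > 16 runs past buf into canary */
    if (f.canary != model_guard) {    /* epilogue: verify before returning */
        model_chk_fail();
        return -1;
    }
    return 0;
}

int failures(void) { return model_fail_count; }

int main(void)
{
    printf("fits in buf:  %d\n", guarded_copy(sample_input, 16));
    printf("overruns buf: %d\n", guarded_copy(sample_input, sizeof(struct frame)));
    printf("handler calls: %d\n", failures());
    return 0;
}
```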