Date: Mon, 28 May 2012 23:22:36 +0200 From: Jeremie Le Hen <jlh@FreeBSD.org> To: Mel Flynn <rflynn@acsalaska.net> Cc: FreeBSD Hackers <freebsd-hackers@FreeBSD.org> Subject: Re: Activating libssp Message-ID: <20120528212236.GC47353@felucia.tataz.chchile.org> In-Reply-To: <4FC26F26.6000907@acsalaska.net> References: <4FC26F26.6000907@acsalaska.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Mel, On Sun, May 27, 2012 at 08:15:02PM +0200, Mel Flynn wrote: > Hi, > > for a port, I'm seeing: > #ifdef _FORTIFY_SOURCE > ... > #endif > > I did a bit of reading (http://wiki.debian.org/Hardening) for example, > searching through /usr/share/mk/* /usr/include/libssp, /usr/src/gnu/libssp. > > However, it's not clear to me, where the magic is that pulls in the > libssp library that is in /lib. > > Also - it seems to be part of gcc, so does that mean on systems without > gcc, that this library is not available or does clang have a variant? gnu/lib/libssp is built for compatibility reasons. See http://svnweb.freebsd.org/base?view=revision&revision=169718 Our libc provides the necessary symbols. http://svnweb.freebsd.org/base/head/lib/libc/sys/stack_protector.c > I do see -fstack-protector is added to CFLAGS by default, so I'm > thinking there's some magic somewhere, but I'm just missing the docs > that tell me "if you add foo to CFLAGS then bar will happen, unless baz". I'm not sure what you mean, but -fstack-protector is documented in GCC documentation, I suppose it's the same for Clang but I didn't check. You can disable it on FreeBSD by setting WITHOUT_SSP in src.conf(5). -- Jeremie Le Hen Men are born free and equal. Later on, they're on their own. Jean Yanne
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120528212236.GC47353>