From nobody Tue Oct  5 04:01:37 2021
X-Original-To: freebsd-arch@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 68AB012D4F7F
	for <freebsd-arch@mlmmj.nyi.freebsd.org>; Tue,  5 Oct 2021 04:01:48 +0000 (UTC)
	(envelope-from kevans@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4HNkRc1gWDz3NjY
	for <freebsd-arch@freebsd.org>; Tue,  5 Oct 2021 04:01:48 +0000 (UTC)
	(envelope-from kevans@freebsd.org)
Received: from mail-qt1-f170.google.com (mail-qt1-f170.google.com [209.85.160.170])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
	(Authenticated sender: kevans)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 155E52C177
	for <freebsd-arch@freebsd.org>; Tue,  5 Oct 2021 04:01:48 +0000 (UTC)
	(envelope-from kevans@freebsd.org)
Received: by mail-qt1-f170.google.com with SMTP id x9so7805151qtv.0
        for <freebsd-arch@freebsd.org>; Mon, 04 Oct 2021 21:01:48 -0700 (PDT)
X-Gm-Message-State: AOAM530yciLMqyv6nBcG+5kL62a3Dy7l4eKiAZraXcgM81KXYfOYk2nP
	9Y5Eu0Ey5BLIJXRSUYkQgwoK8cz8e3M2wiFYCjI=
X-Google-Smtp-Source: ABdhPJzE7EdJzUZI4UvawkHF+Uf+2KWWcRK07kXZy7b3i3dnFH7aCCBN4xlm3ymjuZqBqEzxQM0uReg2LVnOZiM6EQI=
X-Received: by 2002:ac8:7384:: with SMTP id t4mr17303045qtp.83.1633406507747;
 Mon, 04 Oct 2021 21:01:47 -0700 (PDT)
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-arch
List-Help: <mailto:freebsd-arch+help@freebsd.org>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Subscribe: <mailto:freebsd-arch+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-arch+unsubscribe@freebsd.org>
Sender: owner-freebsd-arch@freebsd.org
MIME-Version: 1.0
From: Kyle Evans <kevans@freebsd.org>
Date: Mon, 4 Oct 2021 23:01:37 -0500
X-Gmail-Original-Message-ID: <CACNAnaGv9gQ77_d0xbnzEYHCgHskA3SbxqpmrOJak6GboAcDxw@mail.gmail.com>
Message-ID: <CACNAnaGv9gQ77_d0xbnzEYHCgHskA3SbxqpmrOJak6GboAcDxw@mail.gmail.com>
Subject: _FORTIFY_SOURCE Implementation
To: freebsd-arch@freebsd.org
Content-Type: text/plain; charset="UTF-8"
X-ThisMailContainsUnwantedMimeParts: N

Hello!

I've just created three reviews to import and enable the
_FORTIFY_SOURCE implementation from NetBSD. For some light background,
_FORTIFY_SOURCE attempts to detect some classes of buffer overflows.

- https://reviews.freebsd.org/D32306 - Import _FORTIFY_SOURCE
- https://reviews.freebsd.org/D32307 - Prepare for _FORTIFY_SOURCE
- https://reviews.freebsd.org/D32308 - Enable it

D32307 is perhaps the most interesting as it hacks around
_FORTIFY_SOURCE redefinitions in libc. Other prerequisite work was
needed to get this to build at all;`main` as of the bc 5.0.2 update
(f774652b0e837b) is required.

The last review enables it by default at FORTIFY_SOURCE=2, if building
WITH_SSP (the default). It respects a "FORTIFY_SOURCE" make(1) var to
indicate the level, so either user or a makefile can disable it as
needed with FORTIFY_SOURCE=0.

Thanks,

Kyle Evans