Date: Sun, 6 Feb 2022 16:15:19 -0600 From: Kyle Evans <kevans@freebsd.org> To: Kyle Evans <kevans@freebsd.org> Cc: freebsd-arch@freebsd.org Subject: Re: _FORTIFY_SOURCE Implementation Message-ID: <CACNAnaEzbRU9th5Qhn-0WqL1d7uvK9ic=0EAfJMmvLmCPdotKw@mail.gmail.com> In-Reply-To: <CACNAnaGv9gQ77_d0xbnzEYHCgHskA3SbxqpmrOJak6GboAcDxw@mail.gmail.com> References: <CACNAnaGv9gQ77_d0xbnzEYHCgHskA3SbxqpmrOJak6GboAcDxw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Oct 4, 2021 at 11:01 PM Kyle Evans <kevans@freebsd.org> wrote: > > Hello! > > I've just created three reviews to import and enable the > _FORTIFY_SOURCE implementation from NetBSD. For some light background, > _FORTIFY_SOURCE attempts to detect some classes of buffer overflows. > > - https://reviews.freebsd.org/D32306 - Import _FORTIFY_SOURCE > - https://reviews.freebsd.org/D32307 - Prepare for _FORTIFY_SOURCE > - https://reviews.freebsd.org/D32308 - Enable it > > D32307 is perhaps the most interesting as it hacks around > _FORTIFY_SOURCE redefinitions in libc. Other prerequisite work was > needed to get this to build at all;`main` as of the bc 5.0.2 update > (f774652b0e837b) is required. > > The last review enables it by default at FORTIFY_SOURCE=2, if building > WITH_SSP (the default). It respects a "FORTIFY_SOURCE" make(1) var to > indicate the level, so either user or a makefile can disable it as > needed with FORTIFY_SOURCE=0. > Hi, I'd forgotten about this patch set until some recent -Wfortify-source fixes started going in; I think I'd addressed most of the feedback months ago, and I've just finished addressing some feedback on the manpages introduced. I'd like to maybe try and land this within the next week or so. Thanks, Kyle Evans
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACNAnaEzbRU9th5Qhn-0WqL1d7uvK9ic=0EAfJMmvLmCPdotKw>