Date: Mon, 13 May 2024 11:09:24 -0700 From: Cy Schubert <Cy.Schubert@cschubert.com> To: Kyle Evans <kevans@FreeBSD.org> Cc: "freebsd-hackers@FreeBSD.org" <freebsd-hackers@freebsd.org> Subject: Re: Initial implementation of _FORTIFY_SOURCE Message-ID: <20240513180924.29C872B4@slippy.cwsent.com> In-Reply-To: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org> References: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>, Kyle Evans write s: > Hi, > > As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've imported > an initial version of FORTIFY_SOURCE from FreeBSD. FORTIFY_SOURCE is an > improvement over classical SSP, doing compiler-aided checking of stack > object sizes to detect more fine-grained stack overflow without relying > on the randomized stack canary just past the stack frame. > > This implementation is not yet complete, but we've done a review of > useful functions and syscalls to add checked variants of and intend to > complete the implementation over the next month or so. > > Please test _FORTIFY_SOURCE out now by setting FORTIFY_SOURCE=2 in the > buildworld env -- I intend to flip the default to 2 when WITH_SSP is set > in the next month if nobody complains about serious breakage. I've > personally been rolling with FORTIFY_SOURCE=2 for the last three years > that this has been sitting in a local branch, so I don't really > anticipate any super-fundamental breakage. Should this trigger a __FreeBSD_version bump? -- Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org NTP: <cy@nwtime.org> Web: https://nwtime.org e^(i*pi)+1=0
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20240513180924.29C872B4>