Date: Mon, 4 Oct 2021 23:01:37 -0500 From: Kyle Evans <kevans@freebsd.org> To: freebsd-arch@freebsd.org Subject: _FORTIFY_SOURCE Implementation Message-ID: <CACNAnaGv9gQ77_d0xbnzEYHCgHskA3SbxqpmrOJak6GboAcDxw@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hello! I've just created three reviews to import and enable the _FORTIFY_SOURCE implementation from NetBSD. For some light background, _FORTIFY_SOURCE attempts to detect some classes of buffer overflows. - https://reviews.freebsd.org/D32306 - Import _FORTIFY_SOURCE - https://reviews.freebsd.org/D32307 - Prepare for _FORTIFY_SOURCE - https://reviews.freebsd.org/D32308 - Enable it D32307 is perhaps the most interesting as it hacks around _FORTIFY_SOURCE redefinitions in libc. Other prerequisite work was needed to get this to build at all;`main` as of the bc 5.0.2 update (f774652b0e837b) is required. The last review enables it by default at FORTIFY_SOURCE=2, if building WITH_SSP (the default). It respects a "FORTIFY_SOURCE" make(1) var to indicate the level, so either user or a makefile can disable it as needed with FORTIFY_SOURCE=0. Thanks, Kyle Evans
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACNAnaGv9gQ77_d0xbnzEYHCgHskA3SbxqpmrOJak6GboAcDxw>