Date:      Mon, 13 May 2024 18:57:26 +0000
From:      Shawn Webb <shawn.webb@hardenedbsd.org>
To:        Cy Schubert <Cy.Schubert@cschubert.com>
Cc:        Kyle Evans <kevans@freebsd.org>,  "freebsd-hackers@FreeBSD.org" <freebsd-hackers@freebsd.org>
Subject:   Re: Initial implementation of _FORTIFY_SOURCE
Message-ID:  <hxql75nrkuggdcjtocsbcezvjfxa4bblg3iyqy46rqnju66ozx@6nmq3uczc7y4>
In-Reply-To: <20240513180924.29C872B4@slippy.cwsent.com>
References:  <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org> <20240513180924.29C872B4@slippy.cwsent.com>


On Mon, May 13, 2024 at 11:09:24AM -0700, Cy Schubert wrote:
> In message <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>, Kyle Evans writes:
> > Hi,
> >
> > As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've imported
> > an initial version of FORTIFY_SOURCE from FreeBSD.  FORTIFY_SOURCE is an
> > improvement over classical SSP, doing compiler-aided checking of stack
> > object sizes to detect more fine-grained stack overflow without relying
> > on the randomized stack canary just past the stack frame.
> >
> > This implementation is not yet complete, but we've done a review of
> > useful functions and syscalls to add checked variants of and intend to
> > complete the implementation over the next month or so.
> >
> > Please test _FORTIFY_SOURCE out now by setting FORTIFY_SOURCE=2 in the
> > buildworld env -- I intend to flip the default to 2 when WITH_SSP is set
> > in the next month if nobody complains about serious breakage.  I've
> > personally been rolling with FORTIFY_SOURCE=2 for the last three years
> > that this has been sitting in a local branch, so I don't really
> > anticipate any super-fundamental breakage.
>
> Should this trigger a __FreeBSD_version bump?

I would encourage that so as to help the ports tree determine
availability of the import.

Additionally, I've enabled _FORTIFY_SOURCE in HardenedBSD base[1] and
ports[2]. For base, it's only set (and to 2 by default) when MK_SSP is
set to yes. In ports, it's set by default except for ports that have
"kmod" in their USES.

Are there any plans to support _FORTIFY_SOURCE in the kernel?

[1]: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/927fd28755da27c5dd2b1b0d0396c93db585f933
[2]: https://git.hardenedbsd.org/hardenedbsd/ports/-/commit/3d7dcd284ce3083103edd6b28b3d232abbfeaa63

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?hxql75nrkuggdcjtocsbcezvjfxa4bblg3iyqy46rqnju66ozx>
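
The compiler-aided object-size checking described in the quoted announcement can be sketched in C as follows. This is an added example, not part of the original message and not FreeBSD's or HardenedBSD's code. The names `checked_memcpy`, `checked_memcpy_impl` and the result codes are hypothetical, and the sketch returns an error where a real fortified libc would abort the process.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes; a real fortified libc aborts on overflow. */
enum copy_result { COPY_REJECTED = -1, COPY_CHECKED = 0, COPY_UNCHECKED = 1 };

/* Runtime half: dst_size is the compiler's view, (size_t)-1 if unknown. */
static enum copy_result
checked_memcpy_impl(void *dst, const void *src, size_t n, size_t dst_size)
{
	if (dst_size != (size_t)-1 && n > dst_size)
		return COPY_REJECTED;	/* would write past the destination */
	memcpy(dst, src, n);
	return dst_size == (size_t)-1 ? COPY_UNCHECKED : COPY_CHECKED;
}

/* Compile-time half: a macro, so __builtin_object_size() is applied to the
 * caller's own expression for dst, not to an opaque function parameter. */
#define checked_memcpy(dst, src, n) \
	checked_memcpy_impl((dst), (src), (n), __builtin_object_size((dst), 0))

static const char input[16] = "AAAAAAAAAAAAAAA";	/* constructed sample data */

enum copy_result demo_fits(void)
{
	char buf[8];
	return checked_memcpy(buf, input, sizeof(buf));	/* 8 into 8 */
}

enum copy_result demo_overflow(void)
{
	char buf[8];
	return checked_memcpy(buf, input, sizeof(input));	/* 16 into 8 */
}

enum copy_result demo_unknown(void)
{
	char buf[8];
	char *volatile opaque = buf;	/* hides the object's size from the compiler */
	char *p = opaque;
	return checked_memcpy(p, input, sizeof(buf));	/* fits, but unverified */
}

int main(void)
{
	printf("fits=%d overflow=%d unknown=%d\n", demo_fits(), demo_overflow(), demo_unknown());
	return 0;
}
```

The third case shows the limit of this kind of check: it only catches an overflow where the compiler can determine the destination's size at the call site.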