Date: Mon, 13 May 2024 18:57:26 +0000 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Cy Schubert <Cy.Schubert@cschubert.com> Cc: Kyle Evans <kevans@freebsd.org>, "freebsd-hackers@FreeBSD.org" <freebsd-hackers@freebsd.org> Subject: Re: Initial implementation of _FORTIFY_SOURCE Message-ID: <hxql75nrkuggdcjtocsbcezvjfxa4bblg3iyqy46rqnju66ozx@6nmq3uczc7y4> In-Reply-To: <20240513180924.29C872B4@slippy.cwsent.com> References: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org> <20240513180924.29C872B4@slippy.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--nmt567hh7ns2zacp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, May 13, 2024 at 11:09:24AM -0700, Cy Schubert wrote: > In message <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>, Kyle Evans= =20 > write > s: > > Hi, > > > > As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've imported= =20 > > an initial version of FORTIFY_SOURCE from FreeBSD. FORTIFY_SOURCE is a= n=20 > > improvement over classical SSP, doing compiler-aided checking of stack= =20 > > object sizes to detect more fine-grained stack overflow without relying= =20 > > on the randomized stack canary just past the stack frame. > > > > This implementation is not yet complete, but we've done a review of=20 > > useful functions and syscalls to add checked variants of and intend to= =20 > > complete the implementation over the next month or so. > > > > Please test _FORTIFY_SOURCE out now by setting FORTIFY_SOURCE=3D2 in th= e=20 > > buildworld env -- I intend to flip the default to 2 when WITH_SSP is se= t=20 > > in the next month if nobody complains about serious breakage. I've=20 > > personally been rolling with FORTIFY_SOURCE=3D2 for the last three year= s=20 > > that this has been sitting in a local branch, so I don't really=20 > > anticipate any super-fundamental breakage. >=20 > Should this trigger a __FreeBSD_version bump? I would encourage that so to help the ports tree determine availability of the import. Additionally, I've enabled _FORTIFY_SOURCE in HardenedBSD base[1] and ports[2]. For base, it's only set (and to 2 by default) when MK_SSP is set to yes. In ports, it's set by default except for ports that have "kmod" in their USES. Are there any plans to support _FORTIFY_SOURCE in the kernel? [1]: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/927fd28755da27= c5dd2b1b0d0396c93db585f933 [2]: https://git.hardenedbsd.org/hardenedbsd/ports/-/commit/3d7dcd284ce3083103ed= d6b28b3d232abbfeaa63 Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50 https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A= 4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --nmt567hh7ns2zacp Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmZCYo8ACgkQ/y5nonf4 4foM+A/9EleLWXUn6ckmHS1ujmx3Xpyc6ikwQ+42vyF4iOuYVXDvmH1bCQ9y3ZaN NkGT3ngGF8zcnoCPF9/DRK4BYE6ZnkMFokoz5pMvPGgD/xd1PIIv3cmpGTE67Lqy a3qLzX4N0jNwsPQuv5jzzWvTEDCEb5VpzVjiNRJfAtOf1FnzwEvB5plK9KwuQ89x U7mjtF/AFaZ3wJ/FTq2exv4HADEbv48wjDLk+M9UMQtBZOd4cBZquZKTtfxeboQD jPNzyMO3pdWCfBz6fbCMNbXMlo+/+LCUXu2YRuc4BbQQmFitKCP4iXD4xUrGGcba 0oV4xe3aW7l1DzEgQVHW5BOQTNm1hc68ynol27SQLQppKZJXe8SSxMlNZE52sQJw BpDN/DC5dcAnxKDwBvLYr5TQaZETjS+AoohaYgPS2z1ocUtaZZKbbhZYtGf3yAeF yoJtgJVOhhTqzE8QhTdtBx61RN1syNL5geDTo1U1F02kQb5H2+DVdvb/bxnm2kJi 7pxfm8/U5gV73aT1XTzGIYSnqrNbzRVkSvMYqgvWrhGb2SYNFPBa9fazouBOPvqa epwapkvkH/KWStOfc2gfxqx1vLcElj7Jg3oxG9Rv4hCYZMEZnXSJztNXiS3gxQxu CygJbBVpXyGBQvUJpVmDioqv+JD2lllWi426P6RNvBbk5Yl4Ujc= =mYBY -----END PGP SIGNATURE----- --nmt567hh7ns2zacp--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?hxql75nrkuggdcjtocsbcezvjfxa4bblg3iyqy46rqnju66ozx>