Date: Sun, 19 May 2024 02:17:34 +0000
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: Kyle Evans
Cc: Pedro Giffuni, src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
Subject: Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD
X-PGP-Key: https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/blob/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
References: <02326b5e-a1fe-4411-a869-d21f9a76130c@email.android.com> <999469960.1638478.1716080957814@mail.yahoo.com> <6276b721-6c7b-41cd-9d1b-4169e86ec5e9@FreeBSD.org>
In-Reply-To: <6276b721-6c7b-41cd-9d1b-4169e86ec5e9@FreeBSD.org>

On Sat, May 18, 2024 at 09:08:48PM -0500, Kyle Evans wrote:
> 
> 
> On 5/18/24 20:09, Pedro Giffuni wrote:
> > (sorry for top posting .. my mailer just sucks)
> > Hi;
> > 
> > I used to like the limited static checking FORTIFY_SOURCE provides and
> > when I ran it over FreeBSD it did find a couple of minor issues. It only
> > works for GCC though.
> > 
> 
> I don't think this is particularly true anymore; I haven't found a case yet
> where __builtin_object_size(3) doesn't give me the correct size while GCC
> did. I'd welcome counter-examples here, though -- we have funding to both
> finish the project (widen the _FORTIFY_SOURCE net to more of libc/libsys)
> and add tests to demonstrate that it's both functional and correct. It
> would be useful to also document deficiencies in the tests.
> 
> > I guess it doesn't really hurt to have FORTIFY_SOURCE around and NetBSD
> > had the least intrusive implementation the last time I checked, but I
> > would certainly request it should never be activated by default,
> > especially with clang. The GCC version has seen more development on glibc,
> > but I still think it's a dead end.
> > 
> 
> I don't see a compelling reason to avoid enabling it by default; see above,
> the functionality that we need in clang appears to be just fine (and, iirc,
> was also fine when I checked at the beginning of working on this in 2021)
> and it provides useful
> 
> > What I would like to see working on FreeBSD is SafeStack as a
> > replacement for the stack protector, which we were so very slow to adopt
> > even when it was originally developed in FreeBSD. I think other projects
> > based on FreeBSD (Chimera and HardenedBSD) have been using it, but I
> > don't know the details.
> > 
> 
> No comment there, though I think Shawn Webb / HardenedBSD had been playing
> around with SafeStack (and might have enabled it? I haven't actually looked
> in a while now).

HardenedBSD has enabled SafeStack for userland applications in base and a
few ports. HardenedBSD uses -fstack-protector-all.

I don't see _FORTIFY_SOURCE, SafeStack, and SSP as mutually exclusive. In
fact, I view all three as complementary.

_FORTIFY_SOURCE can have a much wider reach than SafeStack at the moment.
SafeStack cannot be applied to shared objects, only dynamically-loaded
executables (ELF ET_DYN and ET_EXEC). SafeStack relies on both ASLR and W^X
for efficacy. SafeStack cannot be used with setjmp/longjmp.

I would like to see SafeStack reach completion and have made attempts in
the past to help push the needle in that direction. We need explicit
support in the RTLD and libc in order to apply it to libraries.
Additionally, we would like to apply it to statically-linked binaries.
Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
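The check that Kyle's `__builtin_object_size(3)` remark is about, as an added sketch that is not the NetBSD-derived code this commit imports: a fortified memcpy() asks the compiler for the destination object's size and refuses a longer copy, and degrades to a plain copy when the compiler answers "unknown". `fortify_memcpy_chk`, `FMEMCPY`, `copy_into_stack_buf`, `copy_with_unknown_size` and the sample payload are made-up names for this illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Illustration only (not the FreeBSD/NetBSD _FORTIFY_SOURCE code; names are
 * made up). The compiler answers __builtin_object_size() for the destination
 * and the header routes memcpy() to a variant that checks the length first.
 */
static int fortify_violations;

int
fortify_violation_count(void)
{
	return (fortify_violations);
}

void *
fortify_memcpy_chk(void *dst, const void *src, size_t n, size_t dst_size)
{
	/* (size_t)-1 is the "unknown" answer from __builtin_object_size(); */
	/* the check is then skipped, which is the gap a counter-example shows. */
	if (dst_size != (size_t)-1 && n > dst_size) {
		fortify_violations++;
		fprintf(stderr, "fortify: memcpy of %zu bytes into a %zu-byte object\n",
		    n, dst_size);
		return (NULL);	/* a real implementation aborts here */
	}
	return (memcpy(dst, src, n));
}

/* What a fortified <string.h> would expand memcpy() into. */
#define FMEMCPY(dst, src, n) \
	fortify_memcpy_chk((dst), (src), (n), __builtin_object_size((dst), 0))

/* Constructed sample source, large enough for every length used below. */
static const char sample_src[64] = "constructed payload";

/* Copy n bytes into a 16-byte stack buffer; returns 1 if the copy was blocked. */
int
copy_into_stack_buf(size_t n)
{
	char buf[16];

	memset(buf, 0, sizeof(buf));
	return (FMEMCPY(buf, sample_src, n) == NULL ? 1 : 0);
}

/* Same copy with the size reported as unknown: no check, copy proceeds. */
int
copy_with_unknown_size(size_t n)
{
	char buf[32];

	return (fortify_memcpy_chk(buf, sample_src, n, (size_t)-1) == buf);
}
```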