Re: git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag

Reply: Alexander Leidinger : "Re: git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag"
In reply to: Alexander Leidinger : "Re: git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Ed Maste <emaste_at_freebsd.org>
Date: Tue, 28 Jan 2025 13:42:28 UTC

On Sun, 26 Jan 2025 at 07:38, Alexander Leidinger <netchild@freebsd.org> wrote:
>
> Am 2025-01-25 20:21, schrieb Jessica Clarke:
>
> > It looks like with Clang we end up using -Qunused-arguments so the
> > warning/error is suppressed. That at least means the build doesn’t
> > fail, which I suppose is good, but I’m not sure we should be promising
> > that WITH_SSP will protect against stack clash then having the compiler
> > silently emit unprotected code (for which we’re to blame, by telling it
> > to ignore the fact it’s not supported). This at least needs to be
> > documented that the protection will only be provided if supported by
> > the compiler.

I suppose we should add support for stack clash to COMPILER_FEATURES
in bsd.compiler.mk and add the flag only if supported.

> function correctly.
>   supports stack overflow protection using the Stack Smashing Protector
>   .Pq SSP
>   compiler feature,
> -and stack clash protection.
> +and stack clash protection (if supported by the compiler for the given
> architecture).

To make it explicitly clear that the "if supported" applies only to
stack clash protection, maybe make it a separate sentence.

... SSP compiler feature. Stack clash protection is also enabled, if
supported by the compiler for the given architecture.

Looks good to me either way.