From nobody Sat May 18 19:07:15 2024
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VhYHD3Ntwz5LJtL
	for <dev-commits-src-main@mlmmj.nyi.freebsd.org>; Sat, 18 May 2024 19:07:20 +0000 (UTC)
	(envelope-from pfg@freebsd.org)
Received: from sonic306-21.consmr.mail.ne1.yahoo.com (sonic306-21.consmr.mail.ne1.yahoo.com [66.163.189.83])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VhYHC5Lshz4fSG
	for <dev-commits-src-main@freebsd.org>; Sat, 18 May 2024 19:07:19 +0000 (UTC)
	(envelope-from pfg@freebsd.org)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=yahoo.com header.s=s2048 header.b=tGHCvJJe;
	dmarc=fail reason="No valid SPF, DKIM not aligned (relaxed)" header.from=freebsd.org (policy=none);
	spf=softfail (mx1.freebsd.org: 66.163.189.83 is neither permitted nor denied by domain of pfg@freebsd.org) smtp.mailfrom=pfg@freebsd.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1716059237; bh=LlUkLWlQzfzvkfwv2qpoRfYG7dgk+WxRJeb9Dnv6Nsg=; h=Date:From:To:In-Reply-To:References:Subject:From:Subject:Reply-To; b=tGHCvJJeGcz7XuOUOv+K9Ir6E+mZguW8vWJW+I6Chne6aTgWwb6ed83geQkXXP0ePyJxIQp793GtZ+dPvr0A2jeEig4kZyLt0KJwYtUUPUMwOJbVZshwe+YGRT+p/APhqV1Inizg6IKgSAQsTINa4YfBaEMEVMWipHhXrZ7jD8mphn84e8ooRdJ0Wv0ZNxVo5o+OrLz7O1xXnjXOIWRTSjxzgkyKsjHpTNOAyhNSZtn53IGgSWmavJ5Pn7kOtmYuXrVXPdVVp+nvFzx89ggmynrAQN4QD5bsIb4wMcsVoEm4G9n6nCA1R4hEo2dT7RtWqLhrlm5ZrUg+WZ+OT2Vtcg==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1716059237; bh=DP+ihhaki9RGPUm6TcgfROCvFW8q5/d0BUl0JLO7PjO=; h=X-Sonic-MF:Date:From:To:Subject:From:Subject; b=aqKbq5MRhVN0hOgYDBCQX5bNcSwQqqfCanh/lsWsP/3lLCrrCC4b743zt6vGWZIV02hmlS4cXvHAGzrUi0RCmPfb1x6nqEROf2BRCTrsfw9ssM9btTHt+sqb2jbNV6+25FSuRaV3ozsNq1YYHvtv9vsivvU9zXjt7bsj5CvqQ77J9FpoHCg33iKWc3GMZ9X7UpCWDyszH+8ovCicE7RRF6iMiSZQsL0hVI6BdACWgWjZyJSNJMsHofYmmWkOFk7HAQyfZtzm3CDzhLtAVClzzqcTLOS0d/m9a8ZJIaTCmeDh9Ze61QRRtFl20NhhWMXmXOFC0eo15d9M+WS03QAjrg==
X-YMail-OSG: UBPig9cVM1lQlvXCCcJojDXEso0GlJlH39Pm8tjhZC11pG6pv2JSWh0cPa9c234
 QuT9k9ab6rmkc4ks4V_25J.ZJJGF0N1omqcRMItXX1XNnf_Tlr01ZCuCMafNo4TxcIPdlUHtueQX
 5TURaUcF2LWBJt7queZiY9Z_a5JOVbtmas_JWl025VJOdnTXRc9WiAwAUIav8PvIC_ker_I1uoGm
 kiMOPr2D8XkKkHhYQd8yGTFRIWBRWPPvI.Nns9RbX_tYqLHNGQIbnQRRZaaiQsz7w1bNoS21yIxo
 xZASNJfzrlo3ItLwirRautN8hLSu5yu3ZeQ4TesFf5o.tKnKtLi1E7Uhw5Rw.Ey2q0r1L.g5ZMLP
 QOF.S7BQQhViZ3IzHwr9G6llJHavUU9eui0Rjw9AkqMR6Uc0UFkmpox5X8yFTcor7XgmAMFiAUgh
 wKACxafSeLNWvCP_9VRaLRRJMCcEHmwXDojpFgodZ6DgeKz7EjdvWvdnLv4EClEq9Xt5r.899XOk
 .Mf4m0v8qFErYGuJbEPOgBwD_eaDtC_ZBM4Rz6MvO.uogCmXgMIgJ3O5T6KabzYClDfvyHq2h7Jr
 25YQp9jB6GSPZjc0ksuWE3kIDbrJPmFjIH_rbkX5OMfb50Hsl.4sFEDrI2uRgE2nAPmFxStwfrWf
 iQ8x6FVPJRJjVtu9IwSyB7lcduONw30nZE_reuhOGlH320gpfZ8mwV..odvJV7qYj6TM9CKgGIQp
 qcs7ouIg3s0XDQAeyHe9nJVK9nfWc.cE.8GFr1HmlToDxAKgruYZYIQXhz2eWBow.Jb3APrtg.e2
 73qyNw647DrWWX2CuaosbHMKeZH.rZ4hU6fGIMqSafd1uK2inFrvQxp_DkAwXLk.XTiPCDqk3AVH
 EnNj8Uusn9Pj7Z6BBfJOv8JO9mU5VtMLRTcbk4VfoJGwwnVujhjgUKQrzzdf9qfwOO5TsmNK7SoL
 e1R_zyhpzndesFcxB515yKxTuSR.2wvucMEuOaVEfvX2GiRl1cb2iQjTLMuF0dRL5wwtTzkOYuu1
 SrY4vZceVJ68ZIrKEAzL1YyStvOLUl24DHew9k55hf74vOravU9gdefw3M5RaeSW48q7qUAZHA6p
 tZyFcME0zCpJWxKELoCVQFDfr731ttkEnXj1dW9AaW6oOaegorBXQx_MgmIXWPAswfRSPH1EGg1G
 zzpSnm1gB70lkuuSaANj2mLPFmLzGzuUT7LHo9GzwEabplWjngjBBNorllGrIcfB5EuP8BJ9KbjO
 eC2tAAgBgigauMAUS8FE9hPMcpv.iXRQHxNz7vzbypjMwBXeVmd.VAksA9tyu_WlaWnTrWtSd_q8
 YktRsh37p3tRYuOHLcKiDjaHr67COFnEekoEeKNOFTVDEbbD0e9EbHn_x3.UOxh.wOATDk_PnAIT
 y17uLr2OW7arLquwtEXQFqgYd7BuJ50VHMVNbzp.gvAio36DZ4OAE_kfbLns4vcKchBWOrJcwY_t
 VxHg8C6znhn4Wk0L_Vq2X604zCZ53_VPQzMDpVdE6o9qCYA2dv3tqKz8uZUJfITbCxmZvCB4rNZ3
 NX2iVVf1uvk1dI75Xtox87Hs._NwBUkjTxQzNeq.1kCmOWnI9wERJh.vUxOmnaq8pKLqq4Rne5DO
 wgOi9Otk1_KXIRcMHfJKgFJrJBB576KTFUtLpokuTK6yPGWm8oYY0OAW43btIqgRl3sse_34RpIZ
 1m_jOu0uOddadAmr1nUqsY6QMmbBdkJG1.zcj1EXouPVs_HFyB.KOyMyawAd.HrhcIwvPA9_KYXw
 AQTephb22sj3CwhmHdsthnIRHM6SBHmss2TdAZUxJv.6nsRM8weP0qzD.Du62YqHRjdf6uMia7T9
 G5pJqNUhtdGE9hGg8aimW4yRFh0pyt3u0OEwXTuuDsyUfVXCOfOrWtRO.bDzQ4l4E8VxNkmpI0W2
 Z2N1jdAnkImMUoxehUVhF623DCz8mT.VOg4RPSm4mrpgdeUC.BHAGxfLdlTelaWjk4QUxaIe.YFY
 QnCi8smgsOJBE5BB6tkPl2ma_eRwgi.TqFolTxSHGjAHYcO4UeVUk8PRlwjUjmfoVnfh3FKYeT_0
 V0w2X3YXBJP5ExlIgtFrnmBbQQWdt4VPQwJ1wEzhW.BvIcYWGMCBnJYNMyIbMUaCLExsF4qg4waq
 V1PZNVqUcpzU8J8g6lw--
X-Sonic-MF: <pfg@freebsd.org>
X-Sonic-ID: 80156c6e-32d3-4ee3-aa4d-a8d629db0564
Received: from sonic.gate.mail.ne1.yahoo.com by sonic306.consmr.mail.ne1.yahoo.com with HTTP; Sat, 18 May 2024 19:07:17 +0000
Date: Sat, 18 May 2024 19:07:15 +0000 (UTC)
From: Pedro Giffuni <pfg@freebsd.org>
To: "src-committers@freebsd.org" <src-committers@freebsd.org>, 
	"dev-commits-src-all@freebsd.org" <dev-commits-src-all@freebsd.org>, 
	"dev-commits-src-main@freebsd.org" <dev-commits-src-main@freebsd.org>, 
	Kyle Evans <kevans@freebsd.org>
Message-ID: <220172210.1591640.1716059235914@mail.yahoo.com>
In-Reply-To: <202405130524.44D5OBT1084367@gitrepo.freebsd.org>
References: <202405130524.44D5OBT1084367@gitrepo.freebsd.org>
Subject: Re: git: 9bfd3b4076a7 - main - Add a build knob for _FORTIFY_SOURCE
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_1591639_634665037.1716059235908"
X-Mailer: WebService/1.1.22356 YMailNorrin
X-Spamd-Bar: ---
X-Spamd-Result: default: False [-3.20 / 15.00];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-1.00)[-1.000];
	R_DKIM_ALLOW(-0.20)[yahoo.com:s=s2048];
	DMARC_POLICY_SOFTFAIL(0.10)[freebsd.org : No valid SPF, DKIM not aligned (relaxed),none];
	MIME_GOOD(-0.10)[multipart/alternative,text/plain];
	ASN(0.00)[asn:36646, ipnet:66.163.184.0/21, country:US];
	FREEFALL_USER(0.00)[pfg];
	MIME_TRACE(0.00)[0:+,1:+,2:~];
	RCVD_COUNT_ONE(0.00)[1];
	TO_DN_SOME(0.00)[];
	DWL_DNSWL_NONE(0.00)[yahoo.com:dkim];
	TO_DN_EQ_ADDR_SOME(0.00)[];
	ARC_NA(0.00)[];
	RCVD_IN_DNSWL_NONE(0.00)[66.163.189.83:from];
	RCPT_COUNT_THREE(0.00)[4];
	FROM_EQ_ENVFROM(0.00)[];
	FROM_HAS_DN(0.00)[];
	RWL_MAILSPIKE_POSSIBLE(0.00)[66.163.189.83:from];
	R_SPF_SOFTFAIL(0.00)[~all:c];
	RCVD_TLS_LAST(0.00)[];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	MLMMJ_DEST(0.00)[dev-commits-src-main@freebsd.org];
	DKIM_TRACE(0.00)[yahoo.com:+]
X-Rspamd-Queue-Id: 4VhYHC5Lshz4fSG

------=_Part_1591639_634665037.1716059235908
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

 Sorry for noticing so late ... I was unaware this was being worked on and =
=C2=A0I was very busy with since my dad passed away recently.
The static checker component of Fortify source only works well on GCC, for =
clang this lacks the support that was added by Google on Android's libc (wh=
ich is not bery useful either).
We already had some stubs for the ssp functions but we never used them and =
this just adds bloat to our libc.
I suggest reverting. Again sorry.
Pedro.
    On Monday, May 13, 2024 at 12:24:16 AM GMT-5, Kyle Evans <kevans@freebs=
d.org> wrote: =20
=20
 The branch main has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=3D9bfd3b4076a7b0dfd27ab22318e5=
113dc84fea28

commit 9bfd3b4076a7b0dfd27ab22318e5113dc84fea28
Author:=C2=A0 =C2=A0 Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2024-05-13 05:23:50 +0000
Commit:=C2=A0 =C2=A0 Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2024-05-13 05:23:50 +0000

=C2=A0 =C2=A0 Add a build knob for _FORTIFY_SOURCE
=C2=A0 =C2=A0=20
=C2=A0 =C2=A0 In the future, we will Default to _FORTIFY_SOURCE=3D2 if SSP =
is enabled,
=C2=A0 =C2=A0 otherwise default to _FORTIFY_SOURCE=3D0.=C2=A0 For now we de=
fault it to 0
=C2=A0 =C2=A0 unconditionally to ease bisect across older versions without =
the new
=C2=A0 =C2=A0 symbols, and we'll put out a call for testing.
=C2=A0 =C2=A0=20
=C2=A0 =C2=A0 include/*.h include their ssp/*.h equivalents as needed based=
 on the
=C2=A0 =C2=A0 knob. Programs and users are allowed to override FORTIFY_SOUR=
CE in their
=C2=A0 =C2=A0 Makefiles or src.conf/make.conf to force it off.
=C2=A0 =C2=A0=20
=C2=A0 =C2=A0 Reviewed by:=C2=A0 =C2=A0 des, markj
=C2=A0 =C2=A0 Relnotes:=C2=A0 =C2=A0 =C2=A0 yes
=C2=A0 =C2=A0 Sponsored by:=C2=A0 Stormshield
=C2=A0 =C2=A0 Sponsored by:=C2=A0 Klara, Inc.
=C2=A0 =C2=A0 Differential Revision:=C2=A0 https://reviews.freebsd.org/D323=
08
---
 include/stdio.h=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=
=C2=A0 3 ++
 include/string.h=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=
=C2=A0 3 ++
 include/strings.h=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =
3 ++
 include/unistd.h=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=
=C2=A0 4 +++
 lib/libthr/Makefile=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 3 ++
 libexec/rtld-elf/Makefile=C2=A0 =C2=A0 =C2=A0 |=C2=A0 4 +++
 share/man/man7/security.7=C2=A0 =C2=A0 =C2=A0 | 75 +++++++++++++++++++++++=
++++++++++++++++++
 share/mk/bsd.sys.mk=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 7 +++=
+
 tools/build/options/WITHOUT_SSP |=C2=A0 3 ++
 tools/build/options/WITH_SSP=C2=A0 =C2=A0 |=C2=A0 3 ++
 10 files changed, 108 insertions(+)

diff --git a/include/stdio.h b/include/stdio.h
index fe7a6f7d6f82..30bc638082d8 100644
--- a/include/stdio.h
+++ b/include/stdio.h
@@ -530,4 +530,7 @@ extern int __isthreaded;
 __END_DECLS
 __NULLABILITY_PRAGMA_POP
=20
+#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0
+#include <ssp/stdio.h>
+#endif
 #endif /* !_STDIO_H_ */
diff --git a/include/string.h b/include/string.h
index 597308020cdb..a595f6e3e260 100644
--- a/include/string.h
+++ b/include/string.h
@@ -168,4 +168,7 @@ errno_t memset_s(void *, rsize_t, int, rsize_t);
 #endif /* __EXT1_VISIBLE */
 __END_DECLS
=20
+#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0
+#include <ssp/string.h>
+#endif
 #endif /* _STRING_H_ */
diff --git a/include/strings.h b/include/strings.h
index fde007186e04..6fe6a09e7dd3 100644
--- a/include/strings.h
+++ b/include/strings.h
@@ -68,4 +68,7 @@ int=C2=A0=C2=A0=C2=A0 strncasecmp(const char *, const cha=
r *, size_t) __pure;
 #endif
 __END_DECLS
=20
+#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0
+#include <ssp/strings.h>
+#endif
 #endif /* _STRINGS_H_ */
diff --git a/include/unistd.h b/include/unistd.h
index e4e5c62fbb67..59738cbf6e68 100644
--- a/include/unistd.h
+++ b/include/unistd.h
@@ -37,6 +37,10 @@
 #include <sys/_null.h>
 #include <sys/_types.h>
=20
+#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0
+#include <ssp/unistd.h>
+#endif
+
 #ifndef _GID_T_DECLARED
 typedef=C2=A0=C2=A0=C2=A0 __gid_t=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 gid=
_t;
 #define=C2=A0=C2=A0=C2=A0 _GID_T_DECLARED
diff --git a/lib/libthr/Makefile b/lib/libthr/Makefile
index a5bf5da44170..85c028f521a1 100644
--- a/lib/libthr/Makefile
+++ b/lib/libthr/Makefile
@@ -11,6 +11,9 @@ LDFLAGS+=3D=C2=A0=C2=A0=C2=A0 -Wl,--rpath=3D/usr/lib${COM=
PAT_libcompat}
=20
 .include <src.opts.mk>
 MK_SSP=3D=C2=A0=C2=A0=C2=A0 no
+# SSP forced off already implies FORTIFY_SOURCE=3D0, but we must make sure=
 that
+# one cannot turn it back on.
+FORTIFY_SOURCE=3D=C2=A0=C2=A0=C2=A0 0
=20
 LIB=3Dthr
 SHLIB_MAJOR=3D 3
diff --git a/libexec/rtld-elf/Makefile b/libexec/rtld-elf/Makefile
index 37c3840538d5..864448ad782a 100644
--- a/libexec/rtld-elf/Makefile
+++ b/libexec/rtld-elf/Makefile
@@ -15,6 +15,10 @@ MK_UBSAN=3D=C2=A0=C2=A0=C2=A0 no
=20
 .include <bsd.compat.pre.mk>
=20
+# SSP forced off already implies FORTIFY_SOURCE=3D0, but we must make sure=
 that
+# one cannot turn it back on.
+FORTIFY_SOURCE=3D=C2=A0=C2=A0=C2=A0 0
+
 .if !defined(NEED_COMPAT)
 CONFS=3D=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 libmap.conf
 .endif
diff --git a/share/man/man7/security.7 b/share/man/man7/security.7
index ccbeeb4575ce..2e690e35d534 100644
--- a/share/man/man7/security.7
+++ b/share/man/man7/security.7
@@ -939,6 +939,81 @@ option that SSH allows in its
 .Pa authorized_keys
 file to make the key only usable to entities logging in from specific
 machines.
+.Sh STACK OVERFLOW PROTECTION
+.Fx
+supports stack overflow protection using the Stack Smashing Protector
+.Pq SSP
+compiler feature.
+In userland, SSP adds a per-process randomized canary at the end of every =
stack
+frame which is checked for corruption upon return from the function.
+In the kernel, a single randomized canary is used globally except on aarch=
64,
+which has a
+.Dv PERTHREAD_SSP
+.Xr config 8
+option to enable per-thread randomized canaries.
+If stack corruption is detected, then the process aborts to avoid potentia=
lly
+malicious execution as a result of the corruption.
+SSP may be enabled or disabled when building
+.Fx
+base with the
+.Xr src.conf 5
+SSP knob.
+.Pp
+When
+.Va WITH_SSP
+is enabled, which is the default, world is built with the
+.Fl fstack-protector-strong
+compiler option.
+The kernel is built with the
+.Fl fstack-protector
+option.
+.Pp
+In addition to SSP, a
+.Dq FORTIFY_SOURCE
+implementation is supported up to level 2 by defining
+.Va _FORTIFY_SOURCE
+to
+.Dv 1
+or
+.Dv 2
+before including any
+.Fx
+headers.
+.Fx
+world builds can set
+.Va FORTIFY_SOURCE
+to provide a default value for
+.Va _FORTIFY_SOURCE .
+When enabled,
+.Dq FORTIFY_SOURCE
+enables extra bounds checking in various functions that accept buffers to =
be
+written into.
+These functions currently have extra bounds checking support:
+.Bl -column -offset indent "snprintf" "memmove" "strncpy" "vsnprintf" "rea=
dlink"
+.It bcopy=C2=A0 =C2=A0 Ta bzero=C2=A0 =C2=A0 Ta fgets=C2=A0 =C2=A0 Ta getc=
wd=C2=A0 =C2=A0 Ta gets
+.It memcpy=C2=A0 Ta memmove=C2=A0 Ta memset=C2=A0 =C2=A0 Ta read=C2=A0 =C2=
=A0 =C2=A0 Ta readlink
+.It snprintf Ta sprintf=C2=A0 Ta stpcpy=C2=A0 =C2=A0 Ta stpncpy=C2=A0 Ta s=
trcat
+.It strcpy=C2=A0 Ta strncat=C2=A0 Ta strncpy=C2=A0 Ta vsnprintf Ta vsprint=
f
+.El
+.Pp
+.Dq FORTIFY_SOURCE
+requires compiler support from
+.Xr clang 1
+or
+.Xr gcc 1 ,
+which provide the
+.Xr __builtin_object_size 3
+function that is used to determine the bounds of an object.
+This feature works best at optimization levels
+.Fl O1
+and above, as some object sizes may be less obvious without some data that=
 the
+compiler would collect in an optimization pass.
+.Pp
+Similar to SSP, violating the bounds of an object will cause the program t=
o
+abort in an effort to avoid malicious execution.
+This effectively provides finer-grained protection than SSP for some class=
 of
+function and system calls, along with some protection for buffers allocate=
d as
+part of the program data.
 .Sh KNOBS AND TWEAKS
 .Fx
 provides several knobs and tweak handles that make some introspection
diff --git a/share/mk/bsd.sys.mk b/share/mk/bsd.sys.mk
index de91e00d8cc7..52c3d07746c7 100644
--- a/share/mk/bsd.sys.mk
+++ b/share/mk/bsd.sys.mk
@@ -294,11 +294,18 @@ CFLAGS.clang+=3D=C2=A0=C2=A0=C2=A0 -Qunused-arguments
 # but not yet.
 CXXFLAGS.clang+=3D=C2=A0=C2=A0=C2=A0 -Wno-c++11-extensions
=20
+# XXX This should be defaulted to 2 when WITH_SSP is in use after further
+# testing and soak time.
+FORTIFY_SOURCE?=3D=C2=A0=C2=A0=C2=A0 0
 .if ${MK_SSP} !=3D "no"
 # Don't use -Wstack-protector as it breaks world with -Werror.
 SSP_CFLAGS?=3D=C2=A0=C2=A0=C2=A0 -fstack-protector-strong
 CFLAGS+=3D=C2=A0=C2=A0=C2=A0 ${SSP_CFLAGS}
 .endif # SSP
+.if ${FORTIFY_SOURCE} > 0
+CFLAGS+=3D=C2=A0=C2=A0=C2=A0 -D_FORTIFY_SOURCE=3D${FORTIFY_SOURCE}
+CXXFLAGS+=3D=C2=A0=C2=A0=C2=A0 -D_FORTIFY_SOURCE=3D${FORTIFY_SOURCE}
+.endif
=20
 # Additional flags passed in CFLAGS and CXXFLAGS when MK_DEBUG_FILES is
 # enabled.
diff --git a/tools/build/options/WITHOUT_SSP b/tools/build/options/WITHOUT_=
SSP
index 88162cecf14a..7a773fe1e5aa 100644
--- a/tools/build/options/WITHOUT_SSP
+++ b/tools/build/options/WITHOUT_SSP
@@ -1 +1,4 @@
 Do not build world with stack smashing protection.
+See
+.Xr security 7
+for more information.
diff --git a/tools/build/options/WITH_SSP b/tools/build/options/WITH_SSP
index 0088dd133782..4f06a73d4173 100644
--- a/tools/build/options/WITH_SSP
+++ b/tools/build/options/WITH_SSP
@@ -1 +1,4 @@
 Build world with stack smashing protection.
+See
+.Xr security 7
+for more information.
 =20
------=_Part_1591639_634665037.1716059235908
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<html><head></head><body><div class=3D"ydpdf1fcfc0yahoo-style-wrap" style=
=3D"font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px=
;"><div></div>
        <div dir=3D"ltr" data-setdir=3D"false">Sorry for noticing so late .=
.. I was unaware this was being worked on and <span><span style=3D"color: r=
gb(0, 0, 0); font-family: Helvetica Neue, Helvetica, Arial, sans-serif; fon=
t-size: 16px;">&nbsp;I was very busy with since my dad passed away recently=
</span></span>.</div><div dir=3D"ltr" data-setdir=3D"false"><br></div><div =
dir=3D"ltr" data-setdir=3D"false">The static checker component of Fortify s=
ource only works well on GCC, for clang this lacks the support that was add=
ed by Google on Android's libc (which is not bery useful either).</div><div=
 dir=3D"ltr" data-setdir=3D"false"><br></div><div dir=3D"ltr" data-setdir=
=3D"false">We already had some stubs for the ssp functions but we never use=
d them and this just adds bloat to our libc.</div><div dir=3D"ltr" data-set=
dir=3D"false"><br></div><div dir=3D"ltr" data-setdir=3D"false"><div><div><d=
iv style=3D"outline: none !important;"><div dir=3D"ltr" data-setdir=3D"fals=
e" style=3D"outline: none !important;">I suggest reverting. Again sorry.</d=
iv><div dir=3D"ltr" data-setdir=3D"false" style=3D"outline: none !important=
;"><br style=3D"color: rgb(0, 0, 0); font-family: Helvetica Neue, Helvetica=
, Arial, sans-serif; font-size: 16px; outline: none !important;"></div></di=
v></div></div>Pedro.</div><div><br></div>
       =20
        </div><div id=3D"ydpfa74bad8yahoo_quoted_6386811475" class=3D"ydpfa=
74bad8yahoo_quoted">
            <div style=3D"font-family:'Helvetica Neue', Helvetica, Arial, s=
ans-serif;font-size:13px;color:#26282a;">
               =20
                <div>
                        On Monday, May 13, 2024 at 12:24:16 AM GMT-5, Kyle =
Evans &lt;kevans@freebsd.org&gt; wrote:
                    </div>
                    <div><br></div>
                    <div><br></div>
               =20
               =20
                <div><div dir=3D"ltr">The branch main has been updated by k=
evans:<br></div><div dir=3D"ltr"><br></div><div dir=3D"ltr">URL: <a href=3D=
"https://cgit.FreeBSD.org/src/commit/?id=3D9bfd3b4076a7b0dfd27ab22318e5113d=
c84fea28" rel=3D"nofollow" target=3D"_blank">https://cgit.FreeBSD.org/src/c=
ommit/?id=3D9bfd3b4076a7b0dfd27ab22318e5113dc84fea28</a><br></div><div dir=
=3D"ltr"><br></div><div dir=3D"ltr">commit 9bfd3b4076a7b0dfd27ab22318e5113d=
c84fea28<br></div><div dir=3D"ltr">Author:&nbsp; &nbsp;  Kyle Evans &lt;<a =
href=3D"mailto:kevans@FreeBSD.org" rel=3D"nofollow" target=3D"_blank">kevan=
s@FreeBSD.org</a>&gt;<br></div><div dir=3D"ltr">AuthorDate: 2024-05-13 05:2=
3:50 +0000<br></div><div dir=3D"ltr">Commit:&nbsp; &nbsp;  Kyle Evans &lt;<=
a href=3D"mailto:kevans@FreeBSD.org" rel=3D"nofollow" target=3D"_blank">kev=
ans@FreeBSD.org</a>&gt;<br></div><div dir=3D"ltr">CommitDate: 2024-05-13 05=
:23:50 +0000<br></div><div dir=3D"ltr"><br></div><div dir=3D"ltr">&nbsp; &n=
bsp; Add a build knob for _FORTIFY_SOURCE<br></div><div dir=3D"ltr">&nbsp; =
&nbsp; <br></div><div dir=3D"ltr">&nbsp; &nbsp; In the future, we will Defa=
ult to _FORTIFY_SOURCE=3D2 if SSP is enabled,<br></div><div dir=3D"ltr">&nb=
sp; &nbsp; otherwise default to _FORTIFY_SOURCE=3D0.&nbsp; For now we defau=
lt it to 0<br></div><div dir=3D"ltr">&nbsp; &nbsp; unconditionally to ease =
bisect across older versions without the new<br></div><div dir=3D"ltr">&nbs=
p; &nbsp; symbols, and we'll put out a call for testing.<br></div><div dir=
=3D"ltr">&nbsp; &nbsp; <br></div><div dir=3D"ltr">&nbsp; &nbsp; include/*.h=
 include their ssp/*.h equivalents as needed based on the<br></div><div dir=
=3D"ltr">&nbsp; &nbsp; knob. Programs and users are allowed to override FOR=
TIFY_SOURCE in their<br></div><div dir=3D"ltr">&nbsp; &nbsp; Makefiles or s=
rc.conf/make.conf to force it off.<br></div><div dir=3D"ltr">&nbsp; &nbsp; =
<br></div><div dir=3D"ltr">&nbsp; &nbsp; Reviewed by:&nbsp; &nbsp; des, mar=
kj<br></div><div dir=3D"ltr">&nbsp; &nbsp; Relnotes:&nbsp; &nbsp; &nbsp;  y=
es<br></div><div dir=3D"ltr">&nbsp; &nbsp; Sponsored by:&nbsp;  Stormshield=
<br></div><div dir=3D"ltr">&nbsp; &nbsp; Sponsored by:&nbsp;  Klara, Inc.<b=
r></div><div dir=3D"ltr">&nbsp; &nbsp; Differential Revision:&nbsp; <a href=
=3D"https://reviews.freebsd.org/D32308" rel=3D"nofollow" target=3D"_blank">=
https://reviews.freebsd.org/D32308</a><br></div><div dir=3D"ltr">---<br></d=
iv><div dir=3D"ltr"> include/stdio.h&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbs=
p; &nbsp; &nbsp;  |&nbsp; 3 ++<br></div><div dir=3D"ltr"> include/string.h&=
nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; |&nbsp; 3 ++<br></di=
v><div dir=3D"ltr"> include/strings.h&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nb=
sp; &nbsp;  |&nbsp; 3 ++<br></div><div dir=3D"ltr"> include/unistd.h&nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; |&nbsp; 4 +++<br></div><di=
v dir=3D"ltr"> lib/libthr/Makefile&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;=
  |&nbsp; 3 ++<br></div><div dir=3D"ltr"> libexec/rtld-elf/Makefile&nbsp; &=
nbsp; &nbsp;  |&nbsp; 4 +++<br></div><div dir=3D"ltr"> share/man/man7/secur=
ity.7&nbsp; &nbsp; &nbsp;  | 75 +++++++++++++++++++++++++++++++++++++++++<b=
r></div><div dir=3D"ltr"> share/mk/bsd.sys.mk&nbsp; &nbsp; &nbsp; &nbsp; &n=
bsp; &nbsp;  |&nbsp; 7 ++++<br></div><div dir=3D"ltr"> tools/build/options/=
WITHOUT_SSP |&nbsp; 3 ++<br></div><div dir=3D"ltr"> tools/build/options/WIT=
H_SSP&nbsp; &nbsp; |&nbsp; 3 ++<br></div><div dir=3D"ltr"> 10 files changed=
, 108 insertions(+)<br></div><div dir=3D"ltr"><br></div><div dir=3D"ltr">di=
ff --git a/include/stdio.h b/include/stdio.h<br></div><div dir=3D"ltr">inde=
x fe7a6f7d6f82..30bc638082d8 100644<br></div><div dir=3D"ltr">--- a/include=
/stdio.h<br></div><div dir=3D"ltr">+++ b/include/stdio.h<br></div><div dir=
=3D"ltr">@@ -530,4 +530,7 @@ extern int __isthreaded;<br></div><div dir=3D"=
ltr"> __END_DECLS<br></div><div dir=3D"ltr"> __NULLABILITY_PRAGMA_POP<br></=
div><div dir=3D"ltr"> <br></div><div dir=3D"ltr">+#if defined(_FORTIFY_SOUR=
CE) &amp;&amp; _FORTIFY_SOURCE &gt; 0<br></div><div dir=3D"ltr">+#include &=
lt;ssp/stdio.h&gt;<br></div><div dir=3D"ltr">+#endif<br></div><div dir=3D"l=
tr"> #endif /* !_STDIO_H_ */<br></div><div dir=3D"ltr">diff --git a/include=
/string.h b/include/string.h<br></div><div dir=3D"ltr">index 597308020cdb..=
a595f6e3e260 100644<br></div><div dir=3D"ltr">--- a/include/string.h<br></d=
iv><div dir=3D"ltr">+++ b/include/string.h<br></div><div dir=3D"ltr">@@ -16=
8,4 +168,7 @@ errno_t memset_s(void *, rsize_t, int, rsize_t);<br></div><di=
v dir=3D"ltr"> #endif /* __EXT1_VISIBLE */<br></div><div dir=3D"ltr"> __END=
_DECLS<br></div><div dir=3D"ltr"> <br></div><div dir=3D"ltr">+#if defined(_=
FORTIFY_SOURCE) &amp;&amp; _FORTIFY_SOURCE &gt; 0<br></div><div dir=3D"ltr"=
>+#include &lt;ssp/string.h&gt;<br></div><div dir=3D"ltr">+#endif<br></div>=
<div dir=3D"ltr"> #endif /* _STRING_H_ */<br></div><div dir=3D"ltr">diff --=
git a/include/strings.h b/include/strings.h<br></div><div dir=3D"ltr">index=
 fde007186e04..6fe6a09e7dd3 100644<br></div><div dir=3D"ltr">--- a/include/=
strings.h<br></div><div dir=3D"ltr">+++ b/include/strings.h<br></div><div d=
ir=3D"ltr">@@ -68,4 +68,7 @@ int&nbsp;&nbsp;&nbsp;  strncasecmp(const char =
*, const char *, size_t) __pure;<br></div><div dir=3D"ltr"> #endif<br></div=
><div dir=3D"ltr"> __END_DECLS<br></div><div dir=3D"ltr"> <br></div><div di=
r=3D"ltr">+#if defined(_FORTIFY_SOURCE) &amp;&amp; _FORTIFY_SOURCE &gt; 0<b=
r></div><div dir=3D"ltr">+#include &lt;ssp/strings.h&gt;<br></div><div dir=
=3D"ltr">+#endif<br></div><div dir=3D"ltr"> #endif /* _STRINGS_H_ */<br></d=
iv><div dir=3D"ltr">diff --git a/include/unistd.h b/include/unistd.h<br></d=
iv><div dir=3D"ltr">index e4e5c62fbb67..59738cbf6e68 100644<br></div><div d=
ir=3D"ltr">--- a/include/unistd.h<br></div><div dir=3D"ltr">+++ b/include/u=
nistd.h<br></div><div dir=3D"ltr">@@ -37,6 +37,10 @@<br></div><div dir=3D"l=
tr"> #include &lt;sys/_null.h&gt;<br></div><div dir=3D"ltr"> #include &lt;s=
ys/_types.h&gt;<br></div><div dir=3D"ltr"> <br></div><div dir=3D"ltr">+#if =
defined(_FORTIFY_SOURCE) &amp;&amp; _FORTIFY_SOURCE &gt; 0<br></div><div di=
r=3D"ltr">+#include &lt;ssp/unistd.h&gt;<br></div><div dir=3D"ltr">+#endif<=
br></div><div dir=3D"ltr">+<br></div><div dir=3D"ltr"> #ifndef _GID_T_DECLA=
RED<br></div><div dir=3D"ltr"> typedef&nbsp;&nbsp;&nbsp; __gid_t&nbsp;&nbsp=
;&nbsp; &nbsp;&nbsp;&nbsp; gid_t;<br></div><div dir=3D"ltr"> #define&nbsp;&=
nbsp;&nbsp; _GID_T_DECLARED<br></div><div dir=3D"ltr">diff --git a/lib/libt=
hr/Makefile b/lib/libthr/Makefile<br></div><div dir=3D"ltr">index a5bf5da44=
170..85c028f521a1 100644<br></div><div dir=3D"ltr">--- a/lib/libthr/Makefil=
e<br></div><div dir=3D"ltr">+++ b/lib/libthr/Makefile<br></div><div dir=3D"=
ltr">@@ -11,6 +11,9 @@ LDFLAGS+=3D&nbsp;&nbsp;&nbsp; -Wl,--rpath=3D/usr/lib=
${COMPAT_libcompat}<br></div><div dir=3D"ltr"> <br></div><div dir=3D"ltr"> =
.include &lt;src.opts.mk&gt;<br></div><div dir=3D"ltr"> MK_SSP=3D&nbsp;&nbs=
p;&nbsp; no<br></div><div dir=3D"ltr">+# SSP forced off already implies FOR=
TIFY_SOURCE=3D0, but we must make sure that<br></div><div dir=3D"ltr">+# on=
e cannot turn it back on.<br></div><div dir=3D"ltr">+FORTIFY_SOURCE=3D&nbsp=
;&nbsp;&nbsp; 0<br></div><div dir=3D"ltr"> <br></div><div dir=3D"ltr"> LIB=
=3Dthr<br></div><div dir=3D"ltr"> SHLIB_MAJOR=3D 3<br></div><div dir=3D"ltr=
">diff --git a/libexec/rtld-elf/Makefile b/libexec/rtld-elf/Makefile<br></d=
iv><div dir=3D"ltr">index 37c3840538d5..864448ad782a 100644<br></div><div d=
ir=3D"ltr">--- a/libexec/rtld-elf/Makefile<br></div><div dir=3D"ltr">+++ b/=
libexec/rtld-elf/Makefile<br></div><div dir=3D"ltr">@@ -15,6 +15,10 @@ MK_U=
BSAN=3D&nbsp;&nbsp;&nbsp; no<br></div><div dir=3D"ltr"> <br></div><div dir=
=3D"ltr"> .include &lt;bsd.compat.pre.mk&gt;<br></div><div dir=3D"ltr"> <br=
></div><div dir=3D"ltr">+# SSP forced off already implies FORTIFY_SOURCE=3D=
0, but we must make sure that<br></div><div dir=3D"ltr">+# one cannot turn =
it back on.<br></div><div dir=3D"ltr">+FORTIFY_SOURCE=3D&nbsp;&nbsp;&nbsp; =
0<br></div><div dir=3D"ltr">+<br></div><div dir=3D"ltr"> .if !defined(NEED_=
COMPAT)<br></div><div dir=3D"ltr"> CONFS=3D&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&=
nbsp; libmap.conf<br></div><div dir=3D"ltr"> .endif<br></div><div dir=3D"lt=
r">diff --git a/share/man/man7/security.7 b/share/man/man7/security.7<br></=
div><div dir=3D"ltr">index ccbeeb4575ce..2e690e35d534 100644<br></div><div =
dir=3D"ltr">--- a/share/man/man7/security.7<br></div><div dir=3D"ltr">+++ b=
/share/man/man7/security.7<br></div><div dir=3D"ltr">@@ -939,6 +939,81 @@ o=
ption that SSH allows in its<br></div><div dir=3D"ltr"> .Pa authorized_keys=
<br></div><div dir=3D"ltr"> file to make the key only usable to entities lo=
gging in from specific<br></div><div dir=3D"ltr"> machines.<br></div><div d=
ir=3D"ltr">+.Sh STACK OVERFLOW PROTECTION<br></div><div dir=3D"ltr">+.Fx<br=
></div><div dir=3D"ltr">+supports stack overflow protection using the Stack=
 Smashing Protector<br></div><div dir=3D"ltr">+.Pq SSP<br></div><div dir=3D=
"ltr">+compiler feature.<br></div><div dir=3D"ltr">+In userland, SSP adds a=
 per-process randomized canary at the end of every stack<br></div><div dir=
=3D"ltr">+frame which is checked for corruption upon return from the functi=
on.<br></div><div dir=3D"ltr">+In the kernel, a single randomized canary is=
 used globally except on aarch64,<br></div><div dir=3D"ltr">+which has a<br=
></div><div dir=3D"ltr">+.Dv PERTHREAD_SSP<br></div><div dir=3D"ltr">+.Xr c=
onfig 8<br></div><div dir=3D"ltr">+option to enable per-thread randomized c=
anaries.<br></div><div dir=3D"ltr">+If stack corruption is detected, then t=
he process aborts to avoid potentially<br></div><div dir=3D"ltr">+malicious=
 execution as a result of the corruption.<br></div><div dir=3D"ltr">+SSP ma=
y be enabled or disabled when building<br></div><div dir=3D"ltr">+.Fx<br></=
div><div dir=3D"ltr">+base with the<br></div><div dir=3D"ltr">+.Xr src.conf=
 5<br></div><div dir=3D"ltr">+SSP knob.<br></div><div dir=3D"ltr">+.Pp<br><=
/div><div dir=3D"ltr">+When<br></div><div dir=3D"ltr">+.Va WITH_SSP<br></di=
v><div dir=3D"ltr">+is enabled, which is the default, world is built with t=
he<br></div><div dir=3D"ltr">+.Fl fstack-protector-strong<br></div><div dir=
=3D"ltr">+compiler option.<br></div><div dir=3D"ltr">+The kernel is built w=
ith the<br></div><div dir=3D"ltr">+.Fl fstack-protector<br></div><div dir=
=3D"ltr">+option.<br></div><div dir=3D"ltr">+.Pp<br></div><div dir=3D"ltr">=
+In addition to SSP, a<br></div><div dir=3D"ltr">+.Dq FORTIFY_SOURCE<br></d=
iv><div dir=3D"ltr">+implementation is supported up to level 2 by defining<=
br></div><div dir=3D"ltr">+.Va _FORTIFY_SOURCE<br></div><div dir=3D"ltr">+t=
o<br></div><div dir=3D"ltr">+.Dv 1<br></div><div dir=3D"ltr">+or<br></div><=
div dir=3D"ltr">+.Dv 2<br></div><div dir=3D"ltr">+before including any<br><=
/div><div dir=3D"ltr">+.Fx<br></div><div dir=3D"ltr">+headers.<br></div><di=
v dir=3D"ltr">+.Fx<br></div><div dir=3D"ltr">+world builds can set<br></div=
><div dir=3D"ltr">+.Va FORTIFY_SOURCE<br></div><div dir=3D"ltr">+to provide=
 a default value for<br></div><div dir=3D"ltr">+.Va _FORTIFY_SOURCE .<br></=
div><div dir=3D"ltr">+When enabled,<br></div><div dir=3D"ltr">+.Dq FORTIFY_=
SOURCE<br></div><div dir=3D"ltr">+enables extra bounds checking in various =
functions that accept buffers to be<br></div><div dir=3D"ltr">+written into=
.<br></div><div dir=3D"ltr">+These functions currently have extra bounds ch=
ecking support:<br></div><div dir=3D"ltr">+.Bl -column -offset indent "snpr=
intf" "memmove" "strncpy" "vsnprintf" "readlink"<br></div><div dir=3D"ltr">=
+.It bcopy&nbsp; &nbsp; Ta bzero&nbsp; &nbsp; Ta fgets&nbsp; &nbsp;  Ta get=
cwd&nbsp; &nbsp; Ta gets<br></div><div dir=3D"ltr">+.It memcpy&nbsp;  Ta me=
mmove&nbsp; Ta memset&nbsp; &nbsp; Ta read&nbsp; &nbsp; &nbsp; Ta readlink<=
br></div><div dir=3D"ltr">+.It snprintf Ta sprintf&nbsp; Ta stpcpy&nbsp; &n=
bsp; Ta stpncpy&nbsp;  Ta strcat<br></div><div dir=3D"ltr">+.It strcpy&nbsp=
;  Ta strncat&nbsp; Ta strncpy&nbsp;  Ta vsnprintf Ta vsprintf<br></div><di=
v dir=3D"ltr">+.El<br></div><div dir=3D"ltr">+.Pp<br></div><div dir=3D"ltr"=
>+.Dq FORTIFY_SOURCE<br></div><div dir=3D"ltr">+requires compiler support f=
rom<br></div><div dir=3D"ltr">+.Xr clang 1<br></div><div dir=3D"ltr">+or<br=
></div><div dir=3D"ltr">+.Xr gcc 1 ,<br></div><div dir=3D"ltr">+which provi=
de the<br></div><div dir=3D"ltr">+.Xr __builtin_object_size 3<br></div><div=
 dir=3D"ltr">+function that is used to determine the bounds of an object.<b=
r></div><div dir=3D"ltr">+This feature works best at optimization levels<br=
></div><div dir=3D"ltr">+.Fl O1<br></div><div dir=3D"ltr">+and above, as so=
me object sizes may be less obvious without some data that the<br></div><di=
v dir=3D"ltr">+compiler would collect in an optimization pass.<br></div><di=
v dir=3D"ltr">+.Pp<br></div><div dir=3D"ltr">+Similar to SSP, violating the=
 bounds of an object will cause the program to<br></div><div dir=3D"ltr">+a=
bort in an effort to avoid malicious execution.<br></div><div dir=3D"ltr">+=
This effectively provides finer-grained protection than SSP for some class =
of<br></div><div dir=3D"ltr">+function and system calls, along with some pr=
otection for buffers allocated as<br></div><div dir=3D"ltr">+part of the pr=
ogram data.<br></div><div dir=3D"ltr"> .Sh KNOBS AND TWEAKS<br></div><div d=
ir=3D"ltr"> .Fx<br></div><div dir=3D"ltr"> provides several knobs and tweak=
 handles that make some introspection<br></div><div dir=3D"ltr">diff --git =
a/share/mk/bsd.sys.mk b/share/mk/bsd.sys.mk<br></div><div dir=3D"ltr">index=
 de91e00d8cc7..52c3d07746c7 100644<br></div><div dir=3D"ltr">--- a/share/mk=
/bsd.sys.mk<br></div><div dir=3D"ltr">+++ b/share/mk/bsd.sys.mk<br></div><d=
iv dir=3D"ltr">@@ -294,11 +294,18 @@ CFLAGS.clang+=3D&nbsp;&nbsp;&nbsp;  -Q=
unused-arguments<br></div><div dir=3D"ltr"> # but not yet.<br></div><div di=
r=3D"ltr"> CXXFLAGS.clang+=3D&nbsp;&nbsp;&nbsp;  -Wno-c++11-extensions<br><=
/div><div dir=3D"ltr"> <br></div><div dir=3D"ltr">+# XXX This should be def=
aulted to 2 when WITH_SSP is in use after further<br></div><div dir=3D"ltr"=
>+# testing and soak time.<br></div><div dir=3D"ltr">+FORTIFY_SOURCE?=3D&nb=
sp;&nbsp;&nbsp; 0<br></div><div dir=3D"ltr"> .if ${MK_SSP} !=3D "no"<br></d=
iv><div dir=3D"ltr"> # Don't use -Wstack-protector as it breaks world with =
-Werror.<br></div><div dir=3D"ltr"> SSP_CFLAGS?=3D&nbsp;&nbsp;&nbsp; -fstac=
k-protector-strong<br></div><div dir=3D"ltr"> CFLAGS+=3D&nbsp;&nbsp;&nbsp; =
${SSP_CFLAGS}<br></div><div dir=3D"ltr"> .endif # SSP<br></div><div dir=3D"=
ltr">+.if ${FORTIFY_SOURCE} &gt; 0<br></div><div dir=3D"ltr">+CFLAGS+=3D&nb=
sp;&nbsp;&nbsp; -D_FORTIFY_SOURCE=3D${FORTIFY_SOURCE}<br></div><div dir=3D"=
ltr">+CXXFLAGS+=3D&nbsp;&nbsp;&nbsp; -D_FORTIFY_SOURCE=3D${FORTIFY_SOURCE}<=
br></div><div dir=3D"ltr">+.endif<br></div><div dir=3D"ltr"> <br></div><div=
 dir=3D"ltr"> # Additional flags passed in CFLAGS and CXXFLAGS when MK_DEBU=
G_FILES is<br></div><div dir=3D"ltr"> # enabled.<br></div><div dir=3D"ltr">=
diff --git a/tools/build/options/WITHOUT_SSP b/tools/build/options/WITHOUT_=
SSP<br></div><div dir=3D"ltr">index 88162cecf14a..7a773fe1e5aa 100644<br></=
div><div dir=3D"ltr">--- a/tools/build/options/WITHOUT_SSP<br></div><div di=
r=3D"ltr">+++ b/tools/build/options/WITHOUT_SSP<br></div><div dir=3D"ltr">@=
@ -1 +1,4 @@<br></div><div dir=3D"ltr"> Do not build world with stack smash=
ing protection.<br></div><div dir=3D"ltr">+See<br></div><div dir=3D"ltr">+.=
Xr security 7<br></div><div dir=3D"ltr">+for more information.<br></div><di=
v dir=3D"ltr">diff --git a/tools/build/options/WITH_SSP b/tools/build/optio=
ns/WITH_SSP<br></div><div dir=3D"ltr">index 0088dd133782..4f06a73d4173 1006=
44<br></div><div dir=3D"ltr">--- a/tools/build/options/WITH_SSP<br></div><d=
iv dir=3D"ltr">+++ b/tools/build/options/WITH_SSP<br></div><div dir=3D"ltr"=
>@@ -1 +1,4 @@<br></div><div dir=3D"ltr"> Build world with stack smashing p=
rotection.<br></div><div dir=3D"ltr">+See<br></div><div dir=3D"ltr">+.Xr se=
curity 7<br></div><div dir=3D"ltr">+for more information.<br></div></div>
            </div>
        </div></body></html>
------=_Part_1591639_634665037.1716059235908--