Date: Sun, 19 May 2024 02:17:34 +0000
From: Shawn Webb
To: Kyle Evans
Cc: Pedro Giffuni, "src-committers@freebsd.org", "dev-commits-src-all@freebsd.org", "dev-commits-src-main@freebsd.org"
Subject: Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main

On Sat, May 18, 2024 at 09:08:48PM -0500, Kyle Evans wrote:
>
>
> On 5/18/24 20:09, Pedro Giffuni wrote:
> > (sorry for top posting .. my mailer just sucks)
> > Hi;
> >
> > I used to like the limited static checking FORTIFY_SOURCE provides and
> > when I ran it over FreeBSD it did find a couple of minor issues. It only
> > works for GCC though.
> >
>
> I don't think this is particularly true anymore; I haven't found a case yet
> where __builtin_object_size(3) doesn't give me the correct size while GCC
> did. I'd welcome counter-examples here, though -- we have funding to both
> finish the project (widen the _FORTIFY_SOURCE net to more of libc/libsys)
> and add tests to demonstrate that it's both functional and correct. It
> would be useful to also document deficiencies in the tests.
>
> > I guess it doesn't really hurt to have FORTIFY_SOURCE around and NetBSD
> > had the least intrusive implementation the last time I checked but I
> > would certainly request it should never be activated by default,
> > especially with clang. The GCC version has seen more development on glibc
> > but I still think it's a dead end.
> >
>
> I don't see a compelling reason to avoid enabling it by default; see above,
> the functionality that we need in clang appears to be just fine (and, iirc,
> was also fine when I checked at the beginning of working on this in 2021)
> and it provides useful
>
> > What I would like to see working on FreeBSD is SafeStack as a
> > replacement for the stack protector, which we were so very slow to adopt
> > even when it was originally developed in FreeBSD. I think other projects
> > based on FreeBSD (Chimera and HardenedBSD) have been using it but I
> > don't know the details.
> >
>
> No comment there, though I think Shawn Webb / HardenedBSD had been playing
> around with SafeStack (and might have enabled it? I haven't actually looked
> in a while now).

HardenedBSD has enabled SafeStack for userland applications and base
and a few ports. HardenedBSD uses -fstack-protector-all.

I don't see _FORTIFY_SOURCE, SafeStack, and SSP as mutually exclusive.
In fact, I view all three as complementary.

_FORTIFY_SOURCE can have a much wider reach than SafeStack at the
moment. SafeStack cannot be applied to shared objects, only
dynamically-loaded executables (ELF ET_DYN and ET_EXEC). SafeStack
relies on both ASLR and W^X for efficacy. SafeStack cannot be used
with setjmp/longjmp.

I would like to see SafeStack reach completion and have made attempts
in the past to help push the needle in that direction. We need
explicit support in the RTLD and libc in order to apply it to
libraries. Additionally, we would like to apply it to
statically-linked binaries.

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
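
The quoted reply names __builtin_object_size as the compiler functionality _FORTIFY_SOURCE depends on; the following added example (not part of the thread, and not FreeBSD's or NetBSD's implementation) shows how a fortify-style wrapper uses it and why the subobject mode matters. The names checked_copy, FORTIFIED_MEMCPY and struct record are hypothetical, and the wrapper returns -1 where a fortified libc would abort.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for illustration; not the FreeBSD or NetBSD headers. */
#define SIZE_UNKNOWN ((size_t)-1)

/* Refuse a copy that exceeds the destination size the compiler reported. */
static int checked_copy(void *dst, size_t dst_size, const void *src, size_t n)
{
    if (dst_size != SIZE_UNKNOWN && n > dst_size)
        return -1;      /* a fortified libc would abort the process here */
    memcpy(dst, src, n);
    return 0;
}

/* A macro, so __builtin_object_size is evaluated at the call site where the
 * destination's declaration is visible. Mode 1 = closest enclosing subobject. */
#define FORTIFIED_MEMCPY(dst, src, n) \
    checked_copy((dst), __builtin_object_size((dst), 1), (src), (n))

struct record { char name[8]; char role[8]; };   /* constructed sample type */
size_t field_size_mode0(void) { struct record r; return __builtin_object_size(r.name, 0); }
size_t field_size_mode1(void) { struct record r; return __builtin_object_size(r.name, 1); }
int copy_fits(void) { struct record r; return FORTIFIED_MEMCPY(r.name, "root", 5); }

/* 12 bytes fit in the whole struct (mode 0 sees 16) but overrun name[8]. */
int copy_overflows_field(void)
{
    struct record r;
    return FORTIFIED_MEMCPY(r.name, "administrator", 12);
}

/* A pointer of unknown origin yields (size_t)-1, so no check is possible. */
size_t size_via_opaque_pointer(void)
{
    static char backing[8];
    char *volatile hidden = backing;    /* volatile load hides the origin */
    char *p = hidden;
    return __builtin_object_size(p, 1);
}

int main(void)
{
    printf("mode0=%zu mode1=%zu fits=%d overflow=%d\n", field_size_mode0(),
           field_size_mode1(), copy_fits(), copy_overflows_field());
    return 0;
}
```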