From nobody Thu Jan 23 07:39:01 2025 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YdtBh3TqRz5lmry for ; Thu, 23 Jan 2025 07:39:56 +0000 (UTC) (envelope-from Alexander@Leidinger.net) Received: from mailgate.Leidinger.net (mailgate.leidinger.net [IPv6:2a00:1828:2000:313::1:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (prime256v1) client-digest SHA256) (Client CN "mailgate.leidinger.net", Issuer "E6" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YdtBg3j1zz3ZG0; Thu, 23 Jan 2025 07:39:55 +0000 (UTC) (envelope-from Alexander@Leidinger.net) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=leidinger.net header.s=outgoing-alex header.b=JLXcpfrp; spf=pass (mx1.freebsd.org: domain of Alexander@Leidinger.net designates 2a00:1828:2000:313::1:5 as permitted sender) smtp.mailfrom=Alexander@Leidinger.net; dmarc=pass (policy=quarantine) header.from=leidinger.net List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=leidinger.net; s=outgoing-alex; t=1737617993; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=oh4suRTP7Xf94wA4CTxIrq3SbW7bVVOpGId4j+Eidy4=; b=JLXcpfrpySCgkKYe1w+d+Yh21PSJ/oAl3OWrskSyKGtjap9d8ByI1qogqz+14Rz7gyJUL+ reDLsvo0MqiPDH/pMyAcXrlh5RsSrOZvIsZH31d1igxS+VZtqNby3VYvnRtPUqE4IEhJvW INk7LfOu8/clQHJalZ9jcRukUJSNTCx4iYKjUiRTVka3bvByZxBJQibPvWoLveS+st6w3v dVqrXB3vmQ1j7ZbDbFR1AztgdVsz2UogWw0exzBpDXB9I+qA6vZ3BRNag+uCUXeswAJv6M LR4p4JCSQ7fQwpjyD2Cg8yaEotoX6BmhJbFd7Rkbxyn5Fg1+/JCOsPAYj7Rmxg== Date: Thu, 23 Jan 2025 08:39:01 +0100 From: Alexander Leidinger To: Dimitry Andric Cc: Current FreeBSD Subject: Re: Playing around with security hardening compiler flags In-Reply-To: <812A3C4D-35FA-4F98-B279-F550D3296C12@FreeBSD.org> References: <01a4b49d43860c30e480ec7cf5bd08f9@Leidinger.net> <812A3C4D-35FA-4F98-B279-F550D3296C12@FreeBSD.org> Message-ID: <1235d5f95e2a2b75b8b8335b8a282bb5@Leidinger.net> Organization: No organization, this is a private message. Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="=_1adeff84ffdbcf4f922c7482737b982b"; micalg=pgp-sha256 X-Spamd-Result: default: False [-6.09 / 15.00]; SIGNED_PGP(-2.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.99)[-0.994]; DMARC_POLICY_ALLOW(-0.50)[leidinger.net,quarantine]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; R_DKIM_ALLOW(-0.20)[leidinger.net:s=outgoing-alex]; ARC_NA(0.00)[]; ASN(0.00)[asn:34240, ipnet:2a00:1828::/32, country:DE]; MIME_TRACE(0.00)[0:+,1:+,2:~]; HAS_ORG_HEADER(0.00)[]; MISSING_XM_UA(0.00)[]; HAS_ATTACHMENT(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; MID_RHS_MATCH_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_COUNT_ZERO(0.00)[0]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MLMMJ_DEST(0.00)[freebsd-current@freebsd.org]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[leidinger.net:+] X-Spamd-Bar: ------ X-Rspamd-Queue-Id: 4YdtBg3j1zz3ZG0 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --=_1adeff84ffdbcf4f922c7482737b982b Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; format=flowed Am 2024-11-17 19:28, schrieb Dimitry Andric: > Last but not least, -fstack-clash-protection might be useful, but I > think it might need some additional runtime support? E.g. in libc? What I found so far is that the kernel needs to have support for stack guard pages (which we have). https://reviews.freebsd.org/D48426 Bye, Alexander. -- http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF --=_1adeff84ffdbcf4f922c7482737b982b Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc; size=833 Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEER9UlYXp1PSd08nWXEg2wmwP42IYFAmeR8icACgkQEg2wmwP4 2IZX9w//SbsYdMyJvCwWhifeD8xawteDBv+kGP4/NUCR61qN86KNdOtrm+aoxDxI hLZwvBos6Ds9SX8wBVERJ5qiHJivT3E4KUnxvfmbvKi+GeXBL/ddsAyFaVHZQXlA jjTRVn6xfggz5nrx/T3C2VAfVAisFlWD+XALkMSBsGrGvwlOrFvdIjdbRICdH0e0 c/HvWKRZ/A4mZ6SMn8XmpghSpfwENvb+bRmmcKd0yREjt9m/V1IMtaoqyPx67FuV 9Nu1i0jSJNHm+1klEYNkM5NTFEjhADbLVZH5d1rBUKbrI1Wf2kWbPm+B8jSV/c0m HQsAvOauSp28da/9RA7N2Y55zOozpVQP2ho22UOuO/q0vXD4tspWWz7N9DbFxDOW eS7pj0NucLVMXQLIpo74zVlaqFL9Vv8ZyNYTyXIFEb3CmDrt64AIWiVzJ1tNzgYL /ajKHM73tfTCN0U0aZo2O0RmjxMaAHiskpnaCrfuJ+PXis/SZ0n9tFBmBDil0pdL WhLhg4nWyShDhYRY5QiabS4Sn94mHX5sL78gPwen6/VcjaXSPGA6FgWNQurcgIkc Dd1T5VNsefT18C4NLn++gM4o2xEvwI85lFc+snTcFLo/ZP/dmjmLHqSp0h0Vk9ZG OkF3XdaOk4Ro/fDc1z3t1n2jKVyBRBMB/8N5njc6bYGCbI9vkyQ= =FkQA -----END PGP SIGNATURE----- --=_1adeff84ffdbcf4f922c7482737b982b--