From: Kyle Evans
Date: Mon, 13 May 2024 22:16:07 -0500
Subject: Re: Initial implementation of _FORTIFY_SOURCE
To: Tomoaki AOKI, Shawn Webb
Cc: Cy Schubert, "freebsd-hackers@FreeBSD.org"
Message-ID: <9d4a06bc-44fd-4e9a-8615-cd71127fc90e@FreeBSD.org>
In-Reply-To: <20240514080517.36f218aa3a054aa2cba99b0d@dec.sakura.ne.jp>
References: <20240513180924.29C872B4@slippy.cwsent.com> <20240514080517.36f218aa3a054aa2cba99b0d@dec.sakura.ne.jp>
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

On 5/13/24 18:05, Tomoaki AOKI wrote:
> On Mon, 13 May 2024 18:57:26 +0000
> Shawn Webb wrote:
>
>> On Mon, May 13, 2024 at 11:09:24AM -0700, Cy Schubert wrote:
>>> In message , Kyle Evans writes:
>>>> Hi,
>>>>
>>>> As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've imported
>>>> an initial version of FORTIFY_SOURCE from FreeBSD. FORTIFY_SOURCE is an
>>>> improvement over classical SSP, doing compiler-aided checking of stack
>>>> object sizes to detect more fine-grained stack overflow without relying
>>>> on the randomized stack canary just past the stack frame.
>>>>
>>>> This implementation is not yet complete, but we've done a review of
>>>> useful functions and syscalls to add checked variants of and intend to
>>>> complete the implementation over the next month or so.
>>>>
>>>> Please test _FORTIFY_SOURCE out now by setting FORTIFY_SOURCE=2 in the
>>>> buildworld env -- I intend to flip the default to 2 when WITH_SSP is set
>>>> in the next month if nobody complains about serious breakage. I've
>>>> personally been rolling with FORTIFY_SOURCE=2 for the last three years
>>>> that this has been sitting in a local branch, so I don't really
>>>> anticipate any super-fundamental breakage.
>>>
>>> Should this trigger a __FreeBSD_version bump?
>>
>> I would encourage that so to help the ports tree determine
>> availability of the import.
>
> If it can be enabled/disabled with sysctls/tunables on runtime/boottime,
> bump should be preferred. Maybe this isn't yet the case here, IIUC.
>
> But if it could be done only on build time with WITH_ or WITHOUT_ knob
> and not yet enabled by default for now, now isn't the time to bump.
> Bump should be done when it becomes to be built by default.
>
> Bump for non-default build time knob should force poudriere[-devel]
> users massive unneeded rebuilds. So should be avoided, if it still
> cannot switch on boot or runtime.
>

It's strictly build time, and I didn't really see the value in bumping
__FreeBSD_version for it. I don't see any reason to, e.g., turn it into
a per-port option that we may not want to have if the feature isn't
there, and the knob to build it in is a preprocessor define that's
harmless if the feature isn't actually available.

Thanks,

Kyle Evans
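
The object-size check described in the quoted announcement, as an added C illustration; it is not FreeBSD's libc code and was not posted by anyone in this thread. `struct account`, `checked_memcpy`, `FORTIFIED_MEMCPY` and `try_overflow` are hypothetical names, the input bytes are constructed, and the checker returns -1 where a fortified libc would abort the process.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* What __builtin_object_size() yields when the size is not known. */
#define OBJSIZE_UNKNOWN ((size_t)-1)

struct account {        /* hypothetical record living on the stack */
    char name[8];
    int  is_admin;      /* directly after name, well before any canary */
};

/* Copy only if len fits the known destination size.
 * Returns 0 on success, -1 on rejection (a fortified libc would abort). */
static int checked_memcpy(void *dst, size_t dst_size, const void *src, size_t len)
{
    if (dst_size != OBJSIZE_UNKNOWN && len > dst_size)
        return -1;
    memcpy(dst, src, len);
    return 0;
}

/* Mode 1 = size of the closest enclosing sub-object (here: the name field). */
#define FORTIFIED_MEMCPY(dst, src, len) \
    checked_memcpy((dst), __builtin_object_size((dst), 1), (src), (len))

/* Write sizeof(struct account) constructed bytes through acct.name while the
 * checker believes the destination holds dst_size bytes.
 * Returns -1 if rejected, otherwise 1 if is_admin was clobbered, else 0. */
static int try_overflow(size_t dst_size)
{
    struct account acct = { "guest", 0 };
    unsigned char input[sizeof(struct account)];   /* constructed input */
    memset(input, 1, sizeof(input));
    if (checked_memcpy(acct.name, dst_size, input, sizeof(input)) != 0)
        return -1;
    return acct.is_admin != 0;
}

int main(void)
{
    struct account acct = { "guest", 0 };
    unsigned char input[sizeof(acct)];
    memset(input, 1, sizeof(input));
    printf("no size info:      %d\n", try_overflow(OBJSIZE_UNKNOWN));
    printf("whole-object size: %d\n", try_overflow(sizeof(struct account)));
    printf("sub-object size:   %d\n", try_overflow(sizeof(acct.name)));
    printf("builtin, mode 1:   %d\n", FORTIFIED_MEMCPY(acct.name, input, sizeof(input)));
    return 0;
}
```

The write stays inside the stack frame, so a canary past the frame never sees it: `try_overflow` returns 1 with no size information or with the whole-object size, and -1 only once the checker is given the size of the `name` field itself.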