cvs commit: src Makefile.inc1 src/gnu/lib Makefile src/gnu/lib/csu Makefile src/gnu/lib/libssp Makefile src/lib/csu Makefile.inc src/lib/libc Makefile src/lib/libstand Makefile src/lib/libthr Makefile src/libexec/rtld-elf Makefile src/release Makefile ...

Stanislav Sedov stas at FreeBSD.org
Mon Jul 7 11:49:27 UTC 2008


On Wed, 25 Jun 2008 21:33:28 +0000 (UTC)
Ruslan Ermilov <ru at FreeBSD.org> mentioned:

> ru          2008-06-25 21:33:28 UTC
> 
>   FreeBSD src repository
> 
>   Modified files:
>     .                    Makefile.inc1 
>     gnu/lib              Makefile 
>     gnu/lib/csu          Makefile 
>     gnu/lib/libssp       Makefile 
>     lib/libc             Makefile 
>     lib/libstand         Makefile 
>     lib/libthr           Makefile 
>     libexec/rtld-elf     Makefile 
>     release              Makefile 
>     release/picobsd/build picobsd 
>     rescue/librescue     Makefile 
>     rescue/rescue        Makefile 
>     share/mk             bsd.sys.mk 
>     sys/boot/arm/at91    Makefile.inc 
>     sys/boot/efi         Makefile.inc 
>     sys/boot/i386        Makefile.inc 
>     sys/boot/i386/loader Makefile 
>     sys/boot/ia64        Makefile.inc 
>     sys/boot/ia64/common Makefile 
>     sys/boot/ia64/efi    Makefile 
>     sys/boot/ia64/ski    Makefile 
>     sys/boot/pc98        Makefile.inc 
>     sys/boot/pc98/loader Makefile 
>     sys/boot/powerpc/ofw Makefile 
>     sys/boot/sparc64     Makefile.inc 
>     sys/boot/sparc64/loader Makefile 
>     sys/conf             files kern.mk kern.pre.mk 
>     tools/build/options  WITHOUT_SSP 
>   Added files:
>     lib/csu              Makefile.inc 
>     sys/boot             Makefile.inc 
>     sys/boot/arm         Makefile.inc 
>     sys/boot/ofw         Makefile.inc 
>     sys/boot/powerpc     Makefile.inc 
>     sys/boot/uboot       Makefile.inc 
>     sys/kern             stack_protector.c 
>   Log:
>   SVN rev 180012 on 2008-06-25 21:33:28Z by ru
>   
>   Enable GCC stack protection (aka Propolice) for userland:
>   - It is opt-out for now so as to give it maximum testing, but it may be
>     turned opt-in for stable branches depending on the consensus.  You
>     can turn it off with WITHOUT_SSP.
>   - WITHOUT_SSP was previously used to disable the build of GNU libssp.
>     It is harmless to steal the knob as SSP symbols have been provided
>     by libc for a long time, GNU libssp should not have been much used.
>   - SSP is disabled in a few corners such as system bootstrap programs
>     (sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
>   - It should be safe to use -fstack-protector-all to build world, however
>     libc will be automatically downgraded to -fstack-protector because it
>     breaks rtld otherwise.
>   - This option is unavailable on ia64.
>   
>   Enable GCC stack protection (aka Propolice) for kernel:
>   - It is opt-out for now so as to give it maximum testing.
>   - Do not compile your kernel with -fstack-protector-all, it won't work.
>   

This breaks world on at91rm9200 and, probably, on other arm targets.
I haven't dug into the problem deeply, but the kernel doesn't seem to
be able to execute any ssp-enabled binaries (coredumps with bus error).

-- 
Stanislav Sedov
ST4096-RIPE