cvs commit: src Makefile.inc1 src/gnu/lib Makefile src/gnu/lib/csu
Makefile src/gnu/lib/libssp Makefile src/lib/csu Makefile.inc
src/lib/libc Makefile src/lib/libstand Makefile src/lib/libthr
Makefile src/libexec/rtld-elf Makefile src/release Makefile ...
Ruslan Ermilov
ru at FreeBSD.org
Wed Jun 25 21:38:36 UTC 2008
ru 2008-06-25 21:33:28 UTC
FreeBSD src repository
Modified files:
. Makefile.inc1
gnu/lib Makefile
gnu/lib/csu Makefile
gnu/lib/libssp Makefile
lib/libc Makefile
lib/libstand Makefile
lib/libthr Makefile
libexec/rtld-elf Makefile
release Makefile
release/picobsd/build picobsd
rescue/librescue Makefile
rescue/rescue Makefile
share/mk bsd.sys.mk
sys/boot/arm/at91 Makefile.inc
sys/boot/efi Makefile.inc
sys/boot/i386 Makefile.inc
sys/boot/i386/loader Makefile
sys/boot/ia64 Makefile.inc
sys/boot/ia64/common Makefile
sys/boot/ia64/efi Makefile
sys/boot/ia64/ski Makefile
sys/boot/pc98 Makefile.inc
sys/boot/pc98/loader Makefile
sys/boot/powerpc/ofw Makefile
sys/boot/sparc64 Makefile.inc
sys/boot/sparc64/loader Makefile
sys/conf files kern.mk kern.pre.mk
tools/build/options WITHOUT_SSP
Added files:
lib/csu Makefile.inc
sys/boot Makefile.inc
sys/boot/arm Makefile.inc
sys/boot/ofw Makefile.inc
sys/boot/powerpc Makefile.inc
sys/boot/uboot Makefile.inc
sys/kern stack_protector.c
Log:
SVN rev 180012 on 2008-06-25 21:33:28Z by ru
Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You
can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
It is harmless to steal the knob as SSP symbols have been provided
by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
(sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
libc will be automatically downgraded to -fstack-protector because it
breaks rtld otherwise.
- This option is unavailable on ia64.
Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.
Submitted by: Jeremie Le Hen <jeremie at le-hen.org>
Revision Changes Path
1.607 +6 -5 src/Makefile.inc1
1.43 +1 -5 src/gnu/lib/Makefile
1.29 +1 -0 src/gnu/lib/csu/Makefile
1.3 +1 -0 src/gnu/lib/libssp/Makefile
1.1 +3 -0 src/lib/csu/Makefile.inc (new)
1.74 +6 -0 src/lib/libc/Makefile
1.62 +1 -0 src/lib/libstand/Makefile
1.35 +2 -0 src/lib/libthr/Makefile
1.42 +2 -0 src/libexec/rtld-elf/Makefile
1.932 +4 -3 src/release/Makefile
1.42 +5 -4 src/release/picobsd/build/picobsd
1.10 +2 -0 src/rescue/librescue/Makefile
1.62 +1 -0 src/rescue/rescue/Makefile
1.45 +6 -0 src/share/mk/bsd.sys.mk
1.1 +3 -0 src/sys/boot/Makefile.inc (new)
1.1 +3 -0 src/sys/boot/arm/Makefile.inc (new)
1.8 +2 -0 src/sys/boot/arm/at91/Makefile.inc
1.8 +2 -0 src/sys/boot/efi/Makefile.inc
1.13 +2 -0 src/sys/boot/i386/Makefile.inc
1.86 +2 -0 src/sys/boot/i386/loader/Makefile
1.4 +2 -0 src/sys/boot/ia64/Makefile.inc
1.2 +2 -0 src/sys/boot/ia64/common/Makefile
1.29 +1 -0 src/sys/boot/ia64/efi/Makefile
1.21 +1 -0 src/sys/boot/ia64/ski/Makefile
1.1 +3 -0 src/sys/boot/ofw/Makefile.inc (new)
1.8 +2 -0 src/sys/boot/pc98/Makefile.inc
1.42 +2 -0 src/sys/boot/pc98/loader/Makefile
1.1 +3 -0 src/sys/boot/powerpc/Makefile.inc (new)
1.24 +2 -0 src/sys/boot/powerpc/ofw/Makefile
1.2 +2 -0 src/sys/boot/sparc64/Makefile.inc
1.21 +2 -0 src/sys/boot/sparc64/loader/Makefile
1.1 +3 -0 src/sys/boot/uboot/Makefile.inc (new)
1.1311 +2 -0 src/sys/conf/files
1.55 +7 -0 src/sys/conf/kern.mk
1.100 +1 -4 src/sys/conf/kern.pre.mk
1.1 +35 -0 src/sys/kern/stack_protector.c (new)
1.2 +1 -1 src/tools/build/options/WITHOUT_SSP
More information about the cvs-src
mailing list