Integration of ProPolice in FreeBSD
Kris Kennaway
kris at FreeBSD.org
Tue Jun 24 22:27:45 UTC 2008
Jeremie Le Hen wrote:
> I have had little spare time lately, this is why my follow-up has taken
> so long.
>
> Since this report from Antoine, my goal has been to be able to use
> -fstack-protector-all when building world. I hoped it would be quite
> straightforward, IOW that preventing bootstrap functions from being
> protected would be enough. Unfortunately, it seems that building
> libc_pic.a/libc.so with -fstack-protector-all breaks rtld in a very
> twisted way that I'm unable to untangle for now.
>
> Nonetheless, I really want to see this patch hit the tree before 8.x is
> forked off. It has existed for more than two years and I would like to
> avoid delaying it further. So I will go the easy path for now and
> prevent libc from being built with -fstack-protector-all.
>
> Here is what has changed since the previous patch:
> - SSP is opt-out except for ia64; this is intended to trigger bugs.
> However this doesn't mean it will be enabled by default in stable
> releases.
> - Thanks to Antoine, SSP related symbols are now compiled without stack
> protection itself. This prevents a chicken and egg problem.
> - lib/csu, gnu/lib/csu and libexec/rtld-elf are built without stack
> protection.
>
> I'm looking forward to more review and testing of this patch in order
> to get it committed soon.
>
> Ruslan, would you mind reviewing the change in bsd.own.mk as well?
>
> Thank you very much.
> Best regards,
>
FYI, I did a package build with world built with this patch (but without
adding -fstack-protector to CFLAGS). I didn't notice any problems. This
makes me slightly suspicious, but another hypothesis is that the patch
is in fact safe :-)
Kris