Integration of ProPolice in FreeBSD

Kris Kennaway kris at FreeBSD.org
Tue Jun 24 22:27:45 UTC 2008


Jeremie Le Hen wrote:

> I have had little spare time lately, this is why my followup have taken
> so long.
> 
> Since this report from Antoine, my goal has been to be able to use
> -fstack-protector-all when building world.  I hoped it would be quite
> straightforward, IOW that preventing bootstrap functions from being
> protected would be enough.  Unfortunately, it seems that building
> libc_pic.a/libc.so with -fstack-protector-all breaks rtld in a very
> twisted way that I'm unable to untangle for now.
> 
> Nonetheless, I really want to see this patch hit the tree before 8.x is
> forked off.  I have existed for more than two years and I would like to
> avoid delaying it futher.  So I will go the easy path for now and
> prevent libc from being built with -fstack-protector-all.
> 
> Here are what haved changed since the previous patch:
> - SSP is opt-out except for ia64; this is intended to trigger bugs.
>   However this doesn't mean it will be enabled by default in stable
>   releases.
> - Thanks to Antoine, SSP related symbols are now compiled without stack
>   protection itself.  This prevents a chicken and egg problem.
> - lib/csu, gnu/lib/csu and libexec/rtld-elf are built without stack
>   protection.
> 
> I'm looking forward for more review and testing of this patch in order
> to get it committed soon.
> 
> Ruslan, would you mind reviewing the change in bsd.own.mk as well?
> 
> Thank you very much.
> Best regards,
> 

FYI, I did a package build with world built with this patch (but without 
adding -fstack-protector to CFLAGS).  I didnt notice any problems.  This 
makes me slightly suspicious, but another hypothesis is that the patch 
is in fact safe :-)

Kris


More information about the freebsd-arch mailing list