fstack protector
Uwe Doering
gemini at geminix.org
Sat Apr 19 00:33:08 PDT 2003
Kris Kennaway wrote:
> On Fri, Apr 11, 2003 at 11:58:02AM -0500, Mike Silbersack wrote:
>
>>One possible solution would be to have a gcc-ssp port which would build a
>>SSP version of the base system's compiler, and call it gcc-ssp or
>>something. Then we could make certain ports depend on using it, perhaps.
>
> That's the best solution for FreeBSD. You'd just set CC and CFLAGS if
> you want to build with it, as usual. Be aware that some ports will
> not run when built with -fstack-protector, last time I checked
> (XFree86 is one).
Which version of XFree86? At least 3.3.6 works fine for me, with
'-fstack-protector' (actually auto-enabled on my systems).
Mozilla 1.x, however, doesn't work with stack protection. That's the
only port I found so far that breaks. Reason unknown. Actually, it
already happens at build time. 'regchrome' crashes. At least I think
that was the name, if memory serves.
Uwe
--
Uwe Doering | EscapeBox - Managed On-Demand UNIX Servers
gemini at geminix.org | http://www.escapebox.net
More information about the freebsd-security
mailing list