svn commit: r358993 - head/lib/libssp
Kyle Evans
kevans at FreeBSD.org
Sat Mar 14 15:15:28 UTC 2020
Author: kevans
Date: Sat Mar 14 15:15:27 2020
New Revision: 358993
URL: https://svnweb.freebsd.org/changeset/base/358993
Log:
libssp: don't compile with -fstack-protector*
This similarly matches what we do in libc; compiling libssp with
-fstack-protector* is actively harmful. For instance, if the canary ctor
ends up with a stack protector then it will trivially trigger a false
positive as the canary's being initialized.
This was noted by the reporter as irc/ircd-hybrid started crashing at start
after our libssp was MFC'd to stable/11, as its build will explicitly link
in libssp. On FreeBSD, this isn't necessary as SSP bits are included in
libc, but it should absolutely not trigger runtime breakage -- it does mean
that the canary will get initialized twice, but as this is happening early
on in application startup it should just be redundant work.
Reported by: Tod McQuillin <devin at sevenlayer.studio>
MFC after: 3 days
Modified:
head/lib/libssp/Makefile
Modified: head/lib/libssp/Makefile
==============================================================================
--- head/lib/libssp/Makefile Sat Mar 14 14:04:55 2020 (r358992)
+++ head/lib/libssp/Makefile Sat Mar 14 15:15:27 2020 (r358993)
@@ -17,4 +17,8 @@ SRCS= stack_protector.c fortify_stubs.c
CFLAGS.fortify_stubs.c= -Wno-unused-parameter
+# Stack protection on libssp symbols should be considered harmful, as we may
+# be talking about, for example, the guard setup constructor.
+SSP_CFLAGS:=
+
.include <bsd.lib.mk>
More information about the svn-src-head
mailing list