From: Pascal Hofstee
To: Josh Carroll
Cc: freebsd-security@freebsd.org, freebsd-current@freebsd.org, Jeremie Le Hen, Alexander Kabaev
Date: Sun, 28 May 2006 15:34:07 +0200
Subject: Re: [fbsd] Re: Integrating ProPolice/SSP into FreeBSD

On Sat, 2006-05-27 at 19:31 -0700, Josh Carroll wrote:
> I agree that having the necessary hooks to enable/disable SSP would be
> nice. It would also be nice if this can be done for ports in addition
> to base.

Being one of the people that extensively helped build/run-testing
Jeremie's patchsets I can safely say that we went through a lot of
iterations before we ended with the following functionality (which
should be present in the current patchset):

on CURRENT /usr/src builds use /etc/src.conf to provide make variables
identical to /etc/make.conf on non-CURRENT. This way setting
WITH_SSP=yes in /etc/src.conf will enable the SSP-bits for world
building.

Jeremie and I wanted to explicitly make enabling SSP for ports build as
well as easy and straightforward as possible. To that end we made some
minor changes to some of the bsd.*.mk files so that simply specifying
the same WITH_SSP=yes in your /make.conf is enough for the entire ports
tree to pick up the SSP settings and use them.

So in short this patchset enables the following

on CURRENT:
    /etc/src.conf     WITH_SSP=yes    enable SSP for buildworld
    /etc/make.conf    WITH_SSP=yes    enable SSP for port builds
    (not 100% sure if /etc/make.conf is processed along with
    /etc/src.conf here)

on non-CURRENT:
    /etc/make.conf    WITH_SSP=yes    enable SSP for both buildworld
                                      and ports

It couldn't get any easier than this ... I think :)

--
Pascal Hofstee