From: Baptiste Daroussin
Date: Wed, 2 Sep 2015 17:12:39 +0200
To: Pedro Giffuni
Cc: freebsd-ports@FreeBSD.org, Oliver Pinter
Subject: Re: [CFdiscussion] ports and FORTIFY_SOURCE

On Mon, Aug 31, 2015 at 01:34:06PM -0500, Pedro Giffuni wrote:
> Dear ports developers;
>
> This year I mentored Oliver Pinter's GSoC project [1] to port
> FORTIFY_SOURCE to FreeBSD. The project was more complex than we
> thought initially but it was successful.
>
> For those of you that haven't heard of it, it's a trick supported by
> libc to enable bounds-checking on common string and memory functions.
> The code has gone through extensive testing with both clang and the
> base gcc. It should work fine with newer gcc but it is untested there.
>
> To activate it you will just need to add -D_FORTIFY_SOURCE=1 (or 2) in
> the CFLAGS and that will transparently add the extra checks. The code
> is non invasive but some ports (firefox, emacs) actually choose to run
> with this flag on by default and an exp-run found some errors in those
> cases.
>
> There are currently two remaining PRs with patches for mail/ifile
> (202572) and net-p2p/namecoin (2012603), getting those committed soon
> would avoid traumas in the ports tree once FORTIFY_SOURCE is committed.
>
> In the future it would be nice to support a flag within ports to enable
> or disable this extra flag for specific ports. I am unsure exactly how
> to do it, it could be something as simple as
>
> USE_FORTIFY= yes
> or as complex as
> USES= compiler:fortify=0
> (0 disables it, 1 is standard for clang. 2 is standard for gcc)
>

IMHO it should be done the exact same way as SSP was added, meaning always
activated and ports that are not playing safely with it should explicitly
disable it via:
FORTIFY_UNSAFE=yes

and a WITHOUT_FORTIFY (like we have a WITHOUT_SSP) should be added for people
willing to entirely remove it.

Bapt
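
The bounds checking described in the quoted message, as an added C example that is not part of the original e-mail or of the GSoC code: it hand-rolls the kind of check a fortified `strcpy()` performs, using the GCC/clang builtin `__builtin_object_size`, and shows why a destination that is only visible as a bare pointer goes unchecked. The names `checked_strcpy`, `copy_status` and the helper functions are hypothetical; the assumption is that the libc wrappers work along these lines.

```c
/* Added illustration of the check a fortified strcpy() performs.
 * Hand-written for this note; not FreeBSD libc or GSoC project code. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum copy_status { COPY_OK, COPY_UNCHECKED, COPY_OVERFLOW };

/* dst_size: destination size as seen by the compiler, (size_t)-1 if unknown. */
static enum copy_status
checked_strcpy_impl(char *dst, size_t dst_size, const char *src)
{
    size_t need = strlen(src) + 1;      /* bytes to write, including NUL */

    if (dst_size != (size_t)-1 && need > dst_size)
        return COPY_OVERFLOW;           /* a fortified libc aborts here */
    memcpy(dst, src, need);
    return dst_size == (size_t)-1 ? COPY_UNCHECKED : COPY_OK;
}

/* A macro, so the builtin is evaluated where the destination is declared. */
#define checked_strcpy(dst, src) \
    checked_strcpy_impl((dst), __builtin_object_size((dst), 1), (src))

/* Destination is a visible 8-byte array: the size is known. */
static enum copy_status copy_into_local(const char *src)
{
    char buf[8];
    return checked_strcpy(buf, src);
}

/* Destination is a bare pointer parameter: the size is not known here. */
__attribute__((noinline))
static enum copy_status copy_via_pointer(char *dst, const char *src)
{
    return checked_strcpy(dst, src);
}

static enum copy_status copy_into_big_buffer(void)
{
    char big[64];
    return copy_via_pointer(big, "fits");
}

int main(void)
{
    printf("%d %d %d\n", copy_into_local("short"),
           copy_into_local("12345678"), copy_into_big_buffer());
    return 0;
}
```

A port that fails an exp-run with the flag enabled is typically hitting the `COPY_OVERFLOW` branch at run time, which is the case a per-port opt-out knob would cover until the port is patched.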