Date:      Wed, 20 Aug 2014 14:40:05 -0500
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        Matthias Andree <mandree@FreeBSD.org>, ports-list freebsd <freebsd-ports@freebsd.org>
Subject:   Re: [CFT] SSP Package Repository available
Message-ID:  <53F4F995.2050308@FreeBSD.org>
In-Reply-To: <53F4F663.7070507@FreeBSD.org>
References:  <523D79CD.2090302@FreeBSD.org> <53F4CE0E.8040106@FreeBSD.org> <53F4F663.7070507@FreeBSD.org>

On 8/20/2014 2:26 PM, Matthias Andree wrote:
> On 20.08.2014 at 18:34, Bryan Drewery wrote:
>
>> We have not had any feedback on this yet and want to get it enabled by
>> default for ports and packages.
>
> Oops. Sorry about being silent about that;
> I did enable WITH_SSP_PORTS=yes right after the original announcement on
> my main 9.3-amd64 development machine (run mostly headless, but it does
> have a full GNOME2 install) without ill effects, so at least it does not
> appear to jam everything right away, and given that Fedora is using it
> and they are rather talkative to upstreams about bugs, you'd think most
> packages that have issues are fixed now.

Yeah I am sure it will largely be fine as well. I just worry about some
sloppy coding breaking some popular port, or some clever hack that
results in crashing with SSP.

I also have this vague worry that something might break if the system is
half using SSP. Given the linker script on 10 (cat /usr/lib/libc.so)
though I think it is definitely safe there.

Given the feedback already I am confident we'll enable it by default in
a few weeks. Too much moving right now to do it now though.

This will also free up a lot of resources for other package building
opportunities.

>
>
> Is there any way we can detect the effects of -fstack-protector from the
> resulting executable, with peeking at objdump output?  Like so:
>
> $ objdump -R /usr/local/bin/twolame | grep stack_chk
> 0000000000605ce0 R_X86_64_COPY     __stack_chk_guard
> 00000000006053b0 R_X86_64_JUMP_SLOT  __stack_chk_fail
>
> Should we have stage-qa - at least in DEVELOPER=yes WITH_SSP_PORTS=yes
> mode - check that either -fstack-protector{,-all,-strong} actually
> propagated through the build system?

I like that idea for a warning. We would have to ensure only ELF files
are checked and probably exp-run it to avoid other false-positives.


-- 
Regards,
Bryan Drewery
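
A sketch of the stage-qa warning discussed in this message, as an added example that is not part of the original e-mail or of the ports framework: it checks the ELF magic before running `objdump -R`, so non-ELF files are never inspected. The function names are hypothetical, and a missing `__stack_chk_fail` is only a hint, because plain `-fstack-protector` instruments only functions that use `alloca` or hold sufficiently large buffers.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not ports-framework code.

# is_elf FILE: succeed only if FILE begins with the ELF magic 7f 'E' 'L' 'F',
# so scripts, man pages and data files in the stage directory are skipped.
is_elf() {
    [ -f "$1" ] || return 1
    magic=$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# has_ssp_relocs: read `objdump -R` output on stdin and succeed if it holds a
# dynamic relocation against __stack_chk_fail, the canary failure handler.
has_ssp_relocs() {
    grep -q '__stack_chk_fail'
}

# classify_file FILE: print "skip" (not ELF), "ssp" or "no-ssp".
# Limitation: a statically linked binary has no dynamic relocations and is
# reported as "no-ssp"; that is one false positive an exp-run would surface.
classify_file() {
    if ! is_elf "$1"; then
        echo skip
    elif objdump -R "$1" 2>/dev/null | has_ssp_relocs; then
        echo ssp
    else
        echo no-ssp
    fi
}

# check_stage DIR: warn (never fail) for each ELF file lacking the reference.
check_stage() {
    find "$1" -type f | while IFS= read -r f; do
        if [ "$(classify_file "$f")" = "no-ssp" ]; then
            echo "Warning: $f has no __stack_chk_fail reference" >&2
        fi
    done
}

# Run against a stage directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_stage "$1"
fi
```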

