Date:      Wed, 25 Jun 2008 00:27:42 +0200
From:      Kris Kennaway <kris@FreeBSD.org>
To:        Jeremie Le Hen <jeremie@le-hen.org>
Cc:        Ruslan Ermilov <ru@FreeBSD.org>, freebsd-arch@freebsd.org
Subject:   Re: Integration of ProPolice in FreeBSD
Message-ID:  <486174DE.4080307@FreeBSD.org>
In-Reply-To: <20080609200937.GB72413@obiwan.tataz.chchile.org>
References:  <20080418132749.GB4840@obiwan.tataz.chchile.org>	<200804181945.59189.max@love2party.net>	<20080418204738.GE4840@obiwan.tataz.chchile.org>	<20080419071400.GP73016@server.vk2pj.dyndns.org>	<20080419074921.GI4840@obiwan.tataz.chchile.org>	<20080420095911.GT5934@hoeg.nl>	<f19c444a0804200320ifd64f85tbb19bcdbbb657dbb@mail.gmail.com>	<20080423131720.GP92168@obiwan.tataz.chchile.org> <20080609200937.GB72413@obiwan.tataz.chchile.org>

Jeremie Le Hen wrote:

> I have had little spare time lately, this is why my followup has taken
> so long.
> 
> Since this report from Antoine, my goal has been to be able to use
> -fstack-protector-all when building world.  I hoped it would be quite
> straightforward, IOW that preventing bootstrap functions from being
> protected would be enough.  Unfortunately, it seems that building
> libc_pic.a/libc.so with -fstack-protector-all breaks rtld in a very
> twisted way that I'm unable to untangle for now.
> 
> Nonetheless, I really want to see this patch hit the tree before 8.x is
> forked off.  I have existed for more than two years and I would like to
> avoid delaying it further.  So I will go the easy path for now and
> prevent libc from being built with -fstack-protector-all.
> 
> Here is what has changed since the previous patch:
> - SSP is opt-out except for ia64; this is intended to trigger bugs.
>   However this doesn't mean it will be enabled by default in stable
>   releases.
> - Thanks to Antoine, SSP related symbols are now compiled without stack
>   protection itself.  This prevents a chicken and egg problem.
> - lib/csu, gnu/lib/csu and libexec/rtld-elf are built without stack
>   protection.
> 
> I'm looking forward to more review and testing of this patch in order
> to get it committed soon.
> 
> Ruslan, would you mind reviewing the change in bsd.own.mk as well?
> 
> Thank you very much.
> Best regards,
> 

FYI, I did a package build with world built with this patch (but without 
adding -fstack-protector to CFLAGS).  I didn't notice any problems.  This
makes me slightly suspicious, but another hypothesis is that the patch 
is in fact safe :-)

Kris


