Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 14 Jun 2008 18:27:30 +0100 (BST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Jeremie Le Hen <jeremie@le-hen.org>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Integration of ProPolice in FreeBSD
Message-ID:  <20080614182623.F66582@fledge.watson.org>
In-Reply-To: <20080612184237.GC15774@obiwan.tataz.chchile.org>
References:  <20080612184237.GC15774@obiwan.tataz.chchile.org>

next in thread | previous in thread | raw e-mail | index | archive | help

On Thu, 12 Jun 2008, Jeremie Le Hen wrote:

> (This mail has already been sent to -arch@.  I'm sending it here now for a 
> wider audience because I really need testers.)

Dear Jeremie,

Unfortunately, I can't lend my hands to this project as they're currently full 
of other stuff. However, I would really be very pleased to see is [finally] 
ship a release with ProPolice enabled.  We're definitely trailing the pack in 
this regard, and I think it's bad practice to not ship with what are 
considered industry-standard protections here.  Thanks for your work on this!

Robert N M Watson
Computer Laboratory
University of Cambridge

>
> On Wed, Apr 23, 2008 at 03:17:20PM +0200, Jeremie Le Hen wrote:
>> Hi Antoine,
>>
>> On Fri, Apr 18, 2008 at 04:37:06PM +0200, Antoine Brodin wrote:
>>> Last time I looked at your patch, there was a problem when using
>>> -fstack-protector-all instead of -fstack-protector:
>>> when you compile lib/csu/*, gnu/lib/csu/*, or
>>> src/lib/libc/sys/stack_protector.c with this flag, there is a kind of
>>> chicken/egg problem and you end up with an unusable world.
>>> That said, it would be great to be able to compile world with SSP when
>>> an option is set in src.conf.
>>
>> You were right.  I had a chance to test it this weekend.  Thank you for
>> pointing this out.
>
> I have had little spare time lately, this is why my followup have taken
> so long.
>
> Since this report from Antoine, my goal has been to be able to use
> -fstack-protector-all when building world.  I hoped it would be quite
> straightforward, IOW that preventing bootstrap functions from being
> protected would be enough.  Unfortunately, it seems that building
> libc_pic.a/libc.so with -fstack-protector-all breaks rtld in a very
> twisted way that I'm unable to untangle for now.
>
> Nonetheless, I really want to see this patch hit the tree before 8.x is
> forked off.  I have existed for more than two years and I would like to
> avoid delaying it futher.  So I will go the easy path for now and
> prevent libc from being built with -fstack-protector-all.
>
> Here are what haved changed since the previous patch:
> - SSP is opt-out except for ia64; this is intended to trigger bugs.
>  However this doesn't mean it will be enabled by default in stable
>  releases.
> - Thanks to Antoine, SSP related symbols are now compiled without stack
>  protection itself.  This prevents a chicken and egg problem.
> - lib/csu, gnu/lib/csu and libexec/rtld-elf are built without stack
>  protection.
>
> I'm looking forward for more review and testing of this patch in order
> to get it committed soon.
>
> Ruslan, would you mind reviewing the change in bsd.own.mk as well?
>
> Thank you very much.
> Best regards,
> -- 
> Jeremie Le Hen
> < jeremie at le-hen dot org >< ttz at chchile dot org >
>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080614182623.F66582>