Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 29 Nov 2016 12:32:28 +1100
From:      Dewayne Geraghty <dewaynegeraghty@gmail.com>
To:        freebsd-stable stable <freebsd-stable@freebsd.org>
Subject:   How to turn off SSP stack-protector on 11.0S
Message-ID:  <CAGnMC6oftf7%2B0CLyDWGDjh9y=3dTTpMDrS6%2BdB=%2BMBXQ6DKkPQ@mail.gmail.com>

next in thread | raw e-mail | index | archive | help
Is WITHOUT_SSP actually honoured and is building a world and/or ports
without SSP possible? Advise/suggestions appreciated.

Amongst the 9 different server configurations that we build/support, we've
been asked to build a machine dedicated to PROLOG use.  (yes really).

As such we're trying to turn off everything that isn't needed for this
particular server.  For those concerned with security, it is an air-gap
machine receiving data via usb.

We've built/installed 11.0S from source.  Now we're building the custom
server.  However, even with WITHOUT_SSP= in both /etc/make.conf and
/etc/src.conf, we come up against little issues like:
"can not find /usr/lib/libssp_nonshared.a"

An example:
Stage 2.3: build tools
===> bin/csh (obj,build-tools)
grep 'ERR_' /usr/src/bin/csh/../../contrib/tcsh/sh.err.c | grep '^#define'
>> sh.err.h
cc -E -O2 -pipe -g0 -ggdb0 -DSTRIP_FBSDID -UDEBUGGING -UDEBUG
-DUSB_HAVE_DISABLE_ENUM -I. -I/usr/src/bin/csh
-I/usr/src/bin/csh/../../contrib/tcsh -D_PATH_TCSHELL='"/bin/csh"' -g
-std=gnu99 -Qunused-arguments
-I/usr/obj/prod/110001/D/K8/usr/src/tmp/legacy/usr/include
/usr/src/bin/csh/../../contrib/tcsh/tc.const.c
/usr/src/bin/csh/../../contrib/tcsh/sh.char.h /usr/src/bin/csh/config.h
/usr/src/bin/csh/../../contrib/tcsh/config_f.h
/usr/src/bin/csh/../../contrib/tcsh/sh.types.h sh.err.h -D_h_tc_const |
grep 'Char STR' |  sed -e 's/Char \([a-zA-Z0-9_]*\)\(.*\)/extern Char
\1[];/' |  sort >> tc.const.h
cc -o gethost  -L/usr/obj/prod/110001/D/K8/usr/src/tmp/legacy/usr/lib -O2
-pipe -g0 -ggdb0 -DSTRIP_FBSDID  -UDEBUGGING -UDEBUG
-DUSB_HAVE_DISABLE_ENUM -I. -I/usr/src/bin/csh
-I/usr/src/bin/csh/../../contrib/tcsh -D_PATH_TCSHELL='"/bin/csh"' -g
-std=gnu99 -Qunused-arguments
-I/usr/obj/prod/110001/D/K8/usr/src/tmp/legacy/usr/include
/usr/src/bin/csh/../../contrib/tcsh/gethost.c
/usr/bin/ld: cannot find /usr/lib/libssp_nonshared.a
cc: error: linker command failed with exit code 1 (use -v to see invocation)
*** [gethost] Error code 1

Note the
/usr/bin/ld: cannot find /usr/lib/libssp_nonshared.a

It seems that the linker is trying to use the above library during the
build of all static images/executables.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGnMC6oftf7%2B0CLyDWGDjh9y=3dTTpMDrS6%2BdB=%2BMBXQ6DKkPQ>