Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 29 Nov 2016 11:22:00 +0200
From:      Konstantin Belousov <kostikbel@gmail.com>
To:        Dewayne Geraghty <dewaynegeraghty@gmail.com>
Cc:        freebsd-stable stable <freebsd-stable@freebsd.org>, toolchain@freebsd.org
Subject:   Re: How to turn off SSP stack-protector on 11.0S
Message-ID:  <20161129092200.GU54029@kib.kiev.ua>
In-Reply-To: <CAGnMC6oftf7%2B0CLyDWGDjh9y=3dTTpMDrS6%2BdB=%2BMBXQ6DKkPQ@mail.gmail.com>
References:  <CAGnMC6oftf7%2B0CLyDWGDjh9y=3dTTpMDrS6%2BdB=%2BMBXQ6DKkPQ@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Nov 29, 2016 at 12:32:28PM +1100, Dewayne Geraghty wrote:
> Is WITHOUT_SSP actually honoured and is building a world and/or ports
> without SSP possible? Advise/suggestions appreciated.
> 
> Amongst the 9 different server configurations that we build/support, we've
> been asked to build a machine dedicated to PROLOG use.  (yes really).
> 
> As such we're trying to turn off everything that isn't needed for this
> particular server.  For those concerned with security, it is an air-gap
> machine receiving data via usb.
> 
> We've built/installed 11.0S from source.  Now we're building the custom
> server.  However, even with WITHOUT_SSP= in both /etc/make.conf and
> /etc/src.conf, we come up against little issues like:
> "can not find /usr/lib/libssp_nonshared.a"
So, does your host have /usr/lib/libssp_nonshared.a ?  How did you installed
11.0, and what does designator 11.0S above mean ?

Easy way out is to claim that r307146 should help you, but I suspect that
there is something more broken in your configuration or build/install
method.

> 
> An example:
> Stage 2.3: build tools
> ===> bin/csh (obj,build-tools)
> grep 'ERR_' /usr/src/bin/csh/../../contrib/tcsh/sh.err.c | grep '^#define'
> >> sh.err.h
> cc -E -O2 -pipe -g0 -ggdb0 -DSTRIP_FBSDID -UDEBUGGING -UDEBUG
> -DUSB_HAVE_DISABLE_ENUM -I. -I/usr/src/bin/csh
> -I/usr/src/bin/csh/../../contrib/tcsh -D_PATH_TCSHELL='"/bin/csh"' -g
> -std=gnu99 -Qunused-arguments
> -I/usr/obj/prod/110001/D/K8/usr/src/tmp/legacy/usr/include
> /usr/src/bin/csh/../../contrib/tcsh/tc.const.c
> /usr/src/bin/csh/../../contrib/tcsh/sh.char.h /usr/src/bin/csh/config.h
> /usr/src/bin/csh/../../contrib/tcsh/config_f.h
> /usr/src/bin/csh/../../contrib/tcsh/sh.types.h sh.err.h -D_h_tc_const |
> grep 'Char STR' |  sed -e 's/Char \([a-zA-Z0-9_]*\)\(.*\)/extern Char
> \1[];/' |  sort >> tc.const.h
> cc -o gethost  -L/usr/obj/prod/110001/D/K8/usr/src/tmp/legacy/usr/lib -O2
> -pipe -g0 -ggdb0 -DSTRIP_FBSDID  -UDEBUGGING -UDEBUG
> -DUSB_HAVE_DISABLE_ENUM -I. -I/usr/src/bin/csh
> -I/usr/src/bin/csh/../../contrib/tcsh -D_PATH_TCSHELL='"/bin/csh"' -g
> -std=gnu99 -Qunused-arguments
> -I/usr/obj/prod/110001/D/K8/usr/src/tmp/legacy/usr/include
> /usr/src/bin/csh/../../contrib/tcsh/gethost.c
> /usr/bin/ld: cannot find /usr/lib/libssp_nonshared.a
> cc: error: linker command failed with exit code 1 (use -v to see invocation)
> *** [gethost] Error code 1
> 
> Note the
> /usr/bin/ld: cannot find /usr/lib/libssp_nonshared.a
> 
> It seems that the linker is trying to use the above library during the
> build of all static images/executables.

P.S. Toolchain@ is the place where you more likely to get a useful feedback.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20161129092200.GU54029>