Date: Tue, 14 May 2024 16:00:26 +0000
From: Shawn Webb
To: Alexander Leidinger
Cc: Kyle Evans, Tomoaki AOKI, Cy Schubert, "freebsd-hackers@FreeBSD.org"
Subject: Re: Initial implementation of _FORTIFY_SOURCE
X-Operating-System: FreeBSD mutt-hbsd 15.0-CURRENT-HBSD FreeBSD 15.0-CURRENT-HBSD
References: <20240513180924.29C872B4@slippy.cwsent.com> <20240514080517.36f218aa3a054aa2cba99b0d@dec.sakura.ne.jp> <9d4a06bc-44fd-4e9a-8615-cd71127fc90e@FreeBSD.org> <5544c172efe031ecdbabd2a93980cdd5@Leidinger.net>
In-Reply-To: <5544c172efe031ecdbabd2a93980cdd5@Leidinger.net>
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

On Tue, May 14, 2024 at 09:21:09AM +0200, Alexander Leidinger wrote:
> On 2024-05-14 05:16, Kyle Evans wrote:
> > On 5/13/24 18:05, Tomoaki AOKI wrote:
> > > On Mon, 13 May 2024 18:57:26 +0000
> > > Shawn Webb wrote:
> > >
> > > > On Mon, May 13, 2024 at 11:09:24AM -0700, Cy Schubert wrote:
> > > > > In message , Kyle Evans writes:
> > > > > > Hi,
> > > > > >
> > > > > > As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've imported
> > > > > > an initial version of FORTIFY_SOURCE from FreeBSD. FORTIFY_SOURCE is an
> > > > > > improvement over classical SSP, doing compiler-aided checking of stack
> > > > > > object sizes to detect more fine-grained stack overflow without relying
> > > > > > on the randomized stack canary just past the stack frame.
> > > > > >
> > > > > > This implementation is not yet complete, but we've done a review of
> > > > > > useful functions and syscalls to add checked variants of and intend to
> > > > > > complete the implementation over the next month or so.
> > > > > >
> > > > > > Please test _FORTIFY_SOURCE out now by setting FORTIFY_SOURCE=2 in the
> > > > > > buildworld env -- I intend to flip the default to 2 when WITH_SSP is set
> > > > > > in the next month if nobody complains about serious breakage. I've
> > > > > > personally been rolling with FORTIFY_SOURCE=2 for the last three years
> > > > > > that this has been sitting in a local branch, so I don't really
> > > > > > anticipate any super-fundamental breakage.
> > > > >
> > > > > Should this trigger a __FreeBSD_version bump?
> > > >
> > > > I would encourage that so as to help the ports tree determine
> > > > availability of the import.
> > >
> > > If it can be enabled/disabled with sysctls/tunables on runtime/boottime,
> > > bump should be preferred. Maybe this isn't yet the case here, IIUC.
> > >
> > > But if it could be done only on build time with WITH_ or WITHOUT_ knob
> > > and not yet enabled by default for now, now isn't the time to bump.
> > > Bump should be done when it comes to be built by default.
> > >
> > > Bump for a non-default build time knob should force massive unneeded
> > > rebuilds on poudriere[-devel] users. So should be avoided, if it still
> > > cannot switch on boot or runtime.
> > >
> >
> > It's strictly build time, and I didn't really see the value in bumping
> > __FreeBSD_version for it. I don't see any reason to, e.g., turn it into
> > a per-port option that we may not want to have if the feature isn't
> > there, and the knob to build it in is a preprocessor define that's
> > harmless if the feature isn't actually available.
>
> Ports: We have WITH_PIE, WITH_BIND_NOW and WITH_RELRO (e.g. for make.conf)
> which enable those build time options globally. Ports then can have e.g.
> PIE_UNSAFE=yes to opt out of WITH_PIE builds. I think it would be beneficial
> if we get something similar for FORTIFY. I already use all of the
> aforementioned options in my own builds (and have provided NO_PIE hints where
> it fails), and I would surely give a similar FORTIFY option a try.
>
> On a somewhat related note, has someone already played with CFI
> (https://clang.llvm.org/docs/ControlFlowIntegrity.html)?

HardenedBSD applies non-Cross-DSO CFI to (nearly) all applications in base
and has some integration in ports, with a few ports opting into CFI. Feel
free to reach out directly to me for specific questions so that we don't get
off-topic for this mailing list thread.
Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
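The mechanism Kyle describes above (a compiler-derived destination size handed to a checked variant of the libc function, with level 2 bounding the check to the enclosing struct member) sketched as an added C illustration; this is not code from FreeBSD's or NetBSD's libc. checked_strcpy, fortified_strcpy, struct record and the 11-byte sample string are constructed here, and the check returns 0 instead of aborting so the outcome can be inspected.

```c
#include <stddef.h>
#include <string.h>

#define OBJSIZE_UNKNOWN ((size_t)-1) /* the builtin's answer when it cannot tell */

/* Mimics a __strcpy_chk()-style function: dst_objsize is the destination size
 * the compiler derived at the call site.  Returns 1 when the copy happened,
 * 0 when refused (a real libc aborts).  Unknown size disables the check. */
static int checked_strcpy(char *dst, const char *src, size_t dst_objsize)
{
    size_t need = strlen(src) + 1;
    if (dst_objsize != OBJSIZE_UNKNOWN && need > dst_objsize)
        return 0;
    memcpy(dst, src, need);
    return 1;
}

/* Header-side glue of a fortified libc: strcpy() becomes a macro feeding
 * __builtin_object_size()'s answer to the checked variant.  Type 0 (level 1)
 * measures the whole enclosing object; type 1 (level 2) the innermost member. */
#define FORTIFY_BOS_TYPE 1 /* FORTIFY_SOURCE=2 */
#define fortified_strcpy(dst, src) \
    checked_strcpy((dst), (src), __builtin_object_size((dst), FORTIFY_BOS_TYPE))

struct record { char name[8]; char tail[8]; };

/* Overflow name[] with an 11-byte string, passing the sizes the builtin reports
 * for type 0 (sizeof r) and type 1 (sizeof r.name).  Bit 0: level-1 copy refused;
 * bit 1: level-2 copy refused; bit 2: tail[] clobbered by the level-1 copy. */
int overflow_detected_at(void)
{
    struct record r = { "", "ok" };
    const char *src = "0123456789";
    int result = 0;
    if (!checked_strcpy(r.name, src, sizeof r))      /* 11 <= 16: level 1 passes */
        result |= 1;
    if (strcmp(r.tail, "ok") != 0)                   /* tail[] now holds "89" */
        result |= 4;
    if (!checked_strcpy(r.name, src, sizeof r.name)) /* 11 > 8: level 2 refuses */
        result |= 2;
    return result;
}

/* Same copy through the macro: refused only if the compiler resolves the
 * builtin here, which is why fortified libc headers only engage in optimised builds. */
int macro_copy_refused(void)
{
    struct record r = { "", "ok" };
    return !fortified_strcpy(r.name, "0123456789");
}
```

overflow_detected_at() returns 6: the level-1 size lets the copy through and silently overwrites tail[], while the level-2 size refuses it.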