Mel,

On Tue, May 29, 2012 at 02:54:06PM +0200, Mel Flynn wrote:
> On 28-5-2012 23:22, Jeremie Le Hen wrote:
> >
> > I'm not sure what you mean, but -fstack-protector is documented in GCC
> > documentation, I suppose it's the same for Clang but I didn't check.
> > You can disable it on FreeBSD by setting WITHOUT_SSP in src.conf(5).
>
> Right, I wasn't very clear with that, so let me clarify:
> - _FORTIFY_SOURCE is used in /usr/include/ssp/ssp.h
> - There is a shared library /lib/libssp.so
> - In the sources of the software there is no mention of ssp.h or -lssp
> - In the sources of the software there are conditionals based on
>   _FORTIFY_SOURCE being defined.
>
> So, for me as port maintainer, it looks as though adding
> -D_FORTIFY_SOURCE=2 does absolutely nothing for the software, unless I
> also #include <ssp/ssp.h> and add -lssp to LDFLAGS, unless there's some
> magic in libc or the compiler that activates bits and overrides the
> definitions for the symbols.
> Based on the commit message, I assume that adding _FORTIFY_SOURCE to
> CFLAGS does nothing, as the actual setting of this flag is compiled into
> libc.
> And -fstack-protector tells the compiler to activate the stack protector
> callbacks that are again, implemented in libc. Without this, they won't
> be activated. Does this sound correct?

This is correct. The only way to activate SSP is to use
-fstack-protector (or -fstack-protector-all).

In the near future I intend to add a knob to enable this on all ports
(at least on all which honor our CFLAGS), but this requires a patch to
the base system which, in turn, requires an exp run before being
committed (requested in PR 168010).

So I would advise you not to waste your time enabling SSP on a per-port
basis unless you have a strong need for it. Simply ensure that it honors
CFLAGS and hopefully this will be turned on before the end of summer.

-- 
Jeremie Le Hen

Men are born free and equal. Later on, they're on their own.
Jean Yanne
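
One way to check that a port honors CFLAGS once -fstack-protector is in them (an added example, not part of the original thread or of FreeBSD's ports tooling): scan the build log and report every compile command whose effective stack-protector setting is off or missing. The function names `ssp_audit` and `sample_log` and the log lines are constructed for illustration, and the script assumes the log shows one full compiler command per line.

```shell
#!/bin/sh
# Added example. The effective setting is the last -f[no-]stack-protector*
# flag on the command line, so a Makefile that appends -fno-stack-protector
# after the port's CFLAGS silently turns SSP off again.

# ssp_audit: reads a build log on stdin and prints "<line> <state> <source>"
# for each compile (-c) command; state is ssp, off or missing.
# Returns 1 if any compile command ends up without SSP.
ssp_audit() {
    awk '
    $1 ~ /(^|\/)(cc|gcc|clang|c\+\+|g\+\+|clang\+\+)$/ {
        state = "missing"; src = "?"; compiling = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "-c") compiling = 1
            # -strong is a newer GCC/Clang variant not mentioned in the thread
            else if ($i ~ /^-fstack-protector(-all|-strong)?$/) state = "ssp"
            else if ($i == "-fno-stack-protector") state = "off"
            else if ($i ~ /\.(c|cc|cpp|cxx)$/) src = $i
        }
        if (!compiling) next          # link-only command: nothing to compile
        print NR, state, src
        if (state != "ssp") bad = 1
    }
    END { exit bad + 0 }
    '
}

# Constructed sample build log (not taken from a real port).
sample_log() {
    cat <<'EOF'
cc -O2 -pipe -fstack-protector -c main.c -o main.o
cc -O2 -pipe -fstack-protector -fno-stack-protector -c fast.c -o fast.o
gcc -O2 -c util.c -o util.o
cc -fstack-protector -o prog main.o fast.o util.o
/usr/bin/clang -O2 -pipe -fstack-protector-all -c net.c -o net.o
EOF
}

sample_log | ssp_audit || echo "some objects were built without SSP"
```

Here `fast.c` shows a build system overriding the flag and `util.c` shows a rule that ignores CFLAGS altogether; both are cases a per-port review would need to fix in the port's Makefile or patches.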