Hi,

Big thanks to the folks who made "make buildworld" use
-fstack-protector by default since 8.0. This should make FreeBSD
more secure.

How about the ports system?

I tried to re-build all my ports some time ago with the stack-protector
enabled by adding -fstack-protector in CFLAGS in /etc/make.conf.
Most ports build & work fine with this enabled, but there are several
exceptions. Some libraries cannot be compiled with this (either the
build fails or linking other programs which use the library later
fails). Also some programs that do strange things fail to build or
run.

IMHO it would make sense to make some sort of framework in the ports
system to support this. I think there should be a port Makefile
knob which tells if the port can be built with the stack-protector
or not. Now it is difficult to determine on a port-by-port basis if
it can be enabled or not.

Is there any work or plans to accomplish this?

It would be great to compile at least all the network-facing server
programs with this enabled. I have an impression that more than 90%
of programs can be compiled with the stack-protector. For libraries
the percentage might be less.

What do you think?

Best Regards,
--
Janne Snabb / EPIPE Communications
sn...@epipe.com - http://epipe.com/
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
