Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD

2024-05-19 Thread Shawn Webb
I did not know a battle was even being fought. :-) I'd like to give a little hypothetical as to why I think these features are complementary to each other. The primary goal of SafeStack is to protect the control flow. This means putting spillable data in a separate stack, named the unsafe stack.

Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD

2024-05-19 Thread Pedro Giffuni
Hmm... well. In all honesty I understand I am doomed to lose this battle :). FORTIFY_SOURCE is in Linux and in Apple and that weighs enough that it had to find its way to FreeBSD sooner or later. Plus I am just not much involved in FreeBSD or OSs anymore so I don't feel like stopping other peo

Re: Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD

2024-05-19 Thread Pedro Giffuni
For the record ... When I was working on this, the default compiler on FreeBSD was still GCC 42 and the static checks worked fine with it but not on clang. The runtime checks worked fine on both. Pedro. On Sunday, May 19, 2024 at 12:11:15 AM GMT-5, Jörg Sonnenberger wrote: On Sunday

Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD

2024-05-18 Thread Kyle Evans
On 5/18/24 23:39, Pedro Giffuni wrote: FWIW .. and let me be clear I haven't worked on this in ages and I am not planning to retake this either... clang just couldn't do the static fortify_source checks due to the way llvm uses an intermediate representation; the size just couldn't be handl

Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD

2024-05-18 Thread Jörg Sonnenberger
On Sunday, May 19, 2024 6:39:59 AM GMT+2 Pedro Giffuni wrote: > FWIW .. and let me be clear I haven't worked on this in ages and I am not > planning to retake this either... > clang just couldn't do the static fortify_source checks due to the way llvm > uses an intermediate representation; the

Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD

2024-05-18 Thread Shawn Webb
On Sat, May 18, 2024 at 09:08:48PM -0500, Kyle Evans wrote: > > > On 5/18/24 20:09, Pedro Giffuni wrote: > > (sorry for top posting .. my mailer just sucks) > > Hi; > > > > I used to like the limited static checking FORTIFY_SOURCE provides and > > when I ran it over FreeBSD it did find a couple

Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD

2024-05-18 Thread Kyle Evans
On 5/18/24 20:09, Pedro Giffuni wrote: (sorry for top posting .. my mailer just sucks) Hi; I used to like the limited static checking FORTIFY_SOURCE provides and when I ran it over FreeBSD it did find a couple of minor issues. It only works for GCC though. I don't think this is particul

Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD

2024-05-18 Thread Pedro Giffuni
(sorry for top posting .. my mailer just sucks) Hi; I used to like the limited static checking FORTIFY_SOURCE provides and when I ran it over FreeBSD it did find a couple of minor issues. It only works for GCC though. I guess it doesn't really hurt to have FORTIFY_SOURCE around and NetBSD had the

Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD

2024-05-18 Thread Kyle Evans
On May 18, 2024 13:42, Pedro Giffuni wrote: Oh no .. please not... We went into that in a GSoC: https://wiki.freebsd.org/SummerOfCode2015/FreeBSDLibcSecurityExtensions Ultimately it proved to be useless since stack-protector-strong. Respectfully, I disagree with your conclusion here: 1.) _FORTI

Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD

2024-05-18 Thread Pedro F. Giffuni
It was just pointed out to me this sounded insulting .. for which I am sorry. It's been almost 10 years since I last looked at it and it is disappointing to see my almost-mistake happening. This was a lot of work by Kyle and I didn't mean to be dismissive of it. So I'll just shudup and creep ba

Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD

2024-05-18 Thread Pedro Giffuni
Oh no .. please not... We went into that in a GSoC: https://wiki.freebsd.org/SummerOfCode2015/FreeBSDLibcSecurityExtensions Ultimately it proved to be useless since stack-protector-strong. The NetBSD code was not well adapted to clang either. Ask me more if you really want to dig into it, but we

git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD

2024-05-12 Thread Kyle Evans
The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=be04fec42638f30f50b5b55fd8e3634c0fb89928 commit be04fec42638f30f50b5b55fd8e3634c0fb89928 Author: Kyle Evans AuthorDate: 2024-05-13 05:23:49 + Commit: Kyle Evans CommitDate: 2024-05-13 05:23:49