diff options
| author | ru <ru@FreeBSD.org> | 2008-06-25 21:33:28 +0000 |
|---|---|---|
| committer | ru <ru@FreeBSD.org> | 2008-06-25 21:33:28 +0000 |
| commit | 8735fdbd4ceeb78442804b393d49f5e7f56c1967 (patch) | |
| tree | 3821989620f33150162837ccfad067791bb346ca /gnu | |
| parent | 762f29e950fd1511beb76c95c5014bb779d4f5ed (diff) | |
| download | FreeBSD-src-8735fdbd4ceeb78442804b393d49f5e7f56c1967.zip FreeBSD-src-8735fdbd4ceeb78442804b393d49f5e7f56c1967.tar.gz | |
Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You
can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
It is harmless to steal the knob as SSP symbols have been provided
by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
(sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
libc will be automatically downgraded to -fstack-protector because it
breaks rtld otherwise.
- This option is unavailable on ia64.
Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.
Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
Diffstat (limited to 'gnu')
| -rw-r--r-- | gnu/lib/Makefile | 6 | ||||
| -rw-r--r-- | gnu/lib/csu/Makefile | 1 | ||||
| -rw-r--r-- | gnu/lib/libssp/Makefile | 1 |
3 files changed, 3 insertions, 5 deletions
diff --git a/gnu/lib/Makefile b/gnu/lib/Makefile index 0db955f..00b77e2 100644 --- a/gnu/lib/Makefile +++ b/gnu/lib/Makefile @@ -2,7 +2,7 @@ .include <bsd.own.mk> -SUBDIR= csu libgcc libgcov libdialog libgomp libregex libreadline +SUBDIR= csu libgcc libgcov libdialog libgomp libregex libreadline libssp # libsupc++ uses libstdc++ headers, although 'make includes' should # have taken care of that already. @@ -14,8 +14,4 @@ SUBDIR+= libstdc++ libsupc++ SUBDIR+= libobjc .endif -.if ${MK_SSP} != "no" -SUBDIR+= libssp -.endif - .include <bsd.subdir.mk> diff --git a/gnu/lib/csu/Makefile b/gnu/lib/csu/Makefile index 63cd02a..6a27969 100644 --- a/gnu/lib/csu/Makefile +++ b/gnu/lib/csu/Makefile @@ -19,6 +19,7 @@ CFLAGS+= -I${GCCLIB}/include -I${GCCDIR}/config -I${GCCDIR} -I. \ -I${CCDIR}/cc_tools CRTS_CFLAGS= -DCRTSTUFFS_O -DSHARED ${PICFLAG} MKDEP= -DCRT_BEGIN +WITHOUT_SSP= .if ${MACHINE_ARCH} == "ia64" BEGINSRC= crtbegin.asm diff --git a/gnu/lib/libssp/Makefile b/gnu/lib/libssp/Makefile index 90f2a8a..4f6170e 100644 --- a/gnu/lib/libssp/Makefile +++ b/gnu/lib/libssp/Makefile @@ -10,6 +10,7 @@ LIB= ssp SHLIB_MAJOR= 0 SHLIBDIR?= /lib NO_PROFILE= +WITHOUT_SSP= SRCS= ssp.c gets-chk.c memcpy-chk.c memmove-chk.c mempcpy-chk.c \ memset-chk.c snprintf-chk.c sprintf-chk.c stpcpy-chk.c \ |
