author ru <ru@FreeBSD.org> 2008-06-25 21:33:28 +0000
committer ru <ru@FreeBSD.org> 2008-06-25 21:33:28 +0000
commit 8735fdbd4ceeb78442804b393d49f5e7f56c1967
tree 3821989620f33150162837ccfad067791bb346ca /sys/conf
parent 762f29e950fd1511beb76c95c5014bb779d4f5ed
Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be turned
  opt-in for stable branches depending on the consensus. You can turn it off
  with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp. It is
  harmless to steal the knob as SSP symbols have been provided by libc for a
  long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
  (sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
  libc will be automatically downgraded to -fstack-protector because it breaks
  rtld otherwise.
- This option is unavailable on ia64.

Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.

Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
Diffstat (limited to 'sys/conf')
-rw-r--r-- sys/conf/files 2
-rw-r--r-- sys/conf/kern.mk 7
-rw-r--r-- sys/conf/kern.pre.mk 5
3 files changed, 10 insertions, 4 deletions
diff --git a/sys/conf/files b/sys/conf/files
index d558abd..9261e2e 100644
--- a/sys/conf/files
+++ b/sys/conf/files
@@ -1608,6 +1608,8 @@ kern/posix4_mib.c standard
kern/sched_4bsd.c optional sched_4bsd
kern/sched_ule.c optional sched_ule
kern/serdev_if.m standard
+kern/stack_protector.c standard \
+ compile-with "${NORMAL_C:N-fstack-protector*}"
kern/subr_acl_posix1e.c standard
kern/subr_autoconf.c standard
kern/subr_blist.c standard
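Review bot: the `compile-with "${NORMAL_C:N-fstack-protector*}"` override on kern/stack_protector.c carries no explanation of why this one file is built without the flag. The commit message says SSP is disabled for the SSP symbols themselves; a short comment saying so next to the entry would keep a later cleanup from dropping the filter. The entry is also `standard`, so the file is compiled even when MK_SSP is "no"; it is worth stating that this is intentional.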
diff --git a/sys/conf/kern.mk b/sys/conf/kern.mk
index 9583f69..3741906 100644
--- a/sys/conf/kern.mk
+++ b/sys/conf/kern.mk
@@ -106,3 +106,10 @@ CFLAGS+= -ffreestanding
.if ${CC} == "icc"
CFLAGS+= -restrict
.endif
+
+#
+# GCC SSP support.
+#
+.if ${MK_SSP} != "no" && ${CC} != "icc" && ${MACHINE_ARCH} != "ia64"
+CFLAGS+= -fstack-protector
+.endif
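Review bot: the new `.if ${MK_SSP} != "no" ...` test in kern.mk reads MK_SSP with no defined() guard, so any makefile that includes kern.mk now has to include bsd.own.mk first. This patch only adds that include to kern.pre.mk, so please check any other makefile that pulls in kern.mk, or guard the test. The comment block also says only "GCC SSP support." while the commit message warns that -fstack-protector-all does not work for the kernel; that warning belongs here, where someone editing CFLAGS will see it.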
diff --git a/sys/conf/kern.pre.mk b/sys/conf/kern.pre.mk
index edfcb08..770f3ca 100644
--- a/sys/conf/kern.pre.mk
+++ b/sys/conf/kern.pre.mk
@@ -3,10 +3,7 @@
# Part of a unified Makefile for building kernels. This part contains all
# of the definitions that need to be before %BEFORE_DEPEND.
-SRCCONF?= /etc/src.conf
-.if exists(${SRCCONF})
-.include "${SRCCONF}"
-.endif
+.include <bsd.own.mk>
# Can be overridden by makeoptions or /etc/make.conf
KERNEL_KO?= kernel
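Review bot: replacing the SRCCONF block with `.include <bsd.own.mk>` drops the explicit `SRCCONF?=` default and the `exists()` guard from this file, and nothing in the hunk shows that bsd.own.mk provides both. Please confirm that a user-set SRCCONF is still honoured and that a missing /etc/src.conf is still tolerated for kernel builds. A one-line comment that this include is what defines MK_SSP for kern.mk would also help.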