SafeStack in base
Shawn Webb
shawn.webb at hardenedbsd.org
Wed Jul 27 22:55:31 UTC 2016
Hey All,
I'm interested in getting SafeStack working in FreeBSD base. Below is a
link to a simplistic (maybe too simplistic?) patch to enable SafeStack.
The patch applies against HardenedBSD's hardened/current/master branch.
Given how simple the patch is, it'd be extremely easy to port over to
FreeBSD (just line numbers would change).
I am running into a bit of a problem, though. When linking
lib/libcom_err, I get the following error:
com_err.So: In function `com_err':
/usr/src/lib/libcom_err/../../contrib/com_err/com_err.c:100: undefined reference to `__safestack_unsafe_stack_ptr'
cc: error: linker command failed with exit code 1 (use -v to see invocation)
*** [libcom_err.so.5.full] Error code 1
llvm's documentation says that SafeStack has been tested on FreeBSD.
When and how was it tested? Apparently someone has done some work to
enable it on FreeBSD, but I can't find any relevant FreeBSD-specific
documentation.
If someone could point me in the right direction, I'd love to help get
SafeStack working (and commited?) in FreeBSD.
Link to simplistic patch: http://ix.io/186A
Link to build log: https://gist.github.com/lattera/5d94f44a5f3e10a28425cd59104dd169
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20160727/d7a83e19/attachment.sig>
More information about the freebsd-current
mailing list