SafeStack in base
Shawn Webb
shawn.webb at hardenedbsd.org
Thu Jul 28 00:15:18 UTC 2016
On Wed, Jul 27, 2016 at 05:11:12PM -0700, Conrad Meyer wrote:
> On Wed, Jul 27, 2016 at 5:05 PM, Shawn Webb <shawn.webb at hardenedbsd.org> wrote:
> > On Wed, Jul 27, 2016 at 05:02:07PM -0700, Conrad Meyer wrote:
> >> The problem appears to be an upstream limitation of
> >> -fsanitize=safe-stack: "Most programs, static libraries, or individual
> >> files can be compiled with SafeStack as is. ??? Linking a DSO with
> >> SafeStack is not currently supported." [0]
> >>
> >> That probably needs to be addressed upstream before it can be enabled globally.
> >
> > Gotcha. If I'm reading correctly, then, SafeStack can only be enabled in
> > bsd.prog.mk (and _not_ bsd.lib.mk). Is that correct?
>
> That is my reading of the page. I'll admit my total experience with
> -fsanitize=safe-stack is limited to glancing at the web page 5 minutes
> ago, so don't consider my take authoritative.
Doing a test build right now with SafeStack enabled only in bsd.prog.mk.
I'll report back with results tonight or tomorrow.
Thanks again,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20160727/02442b95/attachment.sig>
More information about the freebsd-current
mailing list