[CFT/HEADSUP] Ports now have Stack Protector support
Bryan Drewery
bdrewery at FreeBSD.org
Sun Sep 22 00:28:33 UTC 2013
On 9/21/2013 5:47 AM, Bryan Drewery wrote:
> Ports now support enabling Stack Protector [1] support on FreeBSD 10
> i386 and amd64, and older releases on amd64 only currently.
>
> Support may be added for earlier i386 releases once all ports properly
> respect LDFLAGS.
>
> To enable, just add WITH_SSP=yes to your make.conf and rebuild all ports.
Please use WITH_SSP_PORTS now. WITH_SSP will hit some issues when
running 'make installworld'. I have a pending fix for that for current,
but it will still be an issue in existing releases / 9.2.
>
> The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all
> may optionally be set instead.
>
> Please help test this on your system. We would like to eventually enable
> this by default, but need to identify any major ports that have run-time
> issues due to it.
>
> [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection
>
--
Regards,
Bryan Drewery
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20130921/edc85a4a/attachment.sig>
More information about the freebsd-ports
mailing list