[Bug 284270] Add new features fortify, stack_autoinit and zeroregs

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 24 May 2025 18:21:57 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284270

--- Comment #20 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=7a489e95c51f47f5e25a5613e375ec000618e52a

commit 7a489e95c51f47f5e25a5613e375ec000618e52a
Author:     Alexander Leidinger <netchild@FreeBSD.org>
AuthorDate: 2025-05-24 18:17:24 +0000
Commit:     Alexander Leidinger <netchild@FreeBSD.org>
CommitDate: 2025-05-24 18:21:13 +0000

    Mk/Features: Add features for fortify, zeroregs and stack autoinit.

    Those 3 features for ports go along with the corresponding features from
    the base system (some only available in -current).

    The options you can put into make.conf for the ports collections are:

    WITH_FORTIFY=yes
        This enables mitigations of common memory safety issues, such as buffer
        overflows, by adding checks to functions like memcpy, strcpy, sprintf,
        and others when the compiler can determine the size of the destination
        buffer at compile time.

    WITH_STACK_AUTOINIT=yes
        This enables a compiler-specific option to automatically initialize
        local (automatic) variables to prevent the use of uninitialized memory.

    WITH_ZEROREGS=yes
        Zero call-used registers at function return to increase program
        security by either mitigating Return-Oriented Programming (ROP)
        attacks or preventing information leakage through registers.
        This depends upon support from the compiler for a given architecture.
        This is disabled for python ports; currently there are issues.

    Approved by:    portmgr (mat)
    PR:             284270

 Mk/Features/fortify.mk (new)        | 18 ++++++++++++++++++
 Mk/Features/stack_autoinit.mk (new) | 23 +++++++++++++++++++++++
 Mk/Features/zeroregs.mk (new)       | 28 ++++++++++++++++++++++++++++
 Mk/Uses/python.mk                   |  2 ++
 Mk/bsd.port.mk                      |  3 ++-
 5 files changed, 73 insertions(+), 1 deletion(-)

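The WITH_FORTIFY description says the checks apply only when the compiler can determine the destination size at compile time. The sketch below is an added example, not code from the commit or from FreeBSD's libc: it uses the GCC/Clang builtin `__builtin_object_size` to show that condition, with hypothetical names (`bounded_copy`, `checked_copy`) and a status return where a fortified libc would abort the program.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* __builtin_object_size(ptr, 0) yields this when the size cannot be determined. */
#define SIZE_UNKNOWN ((size_t)-1)

enum copy_result { COPY_REFUSED = -1, COPY_CHECKED = 0, COPY_UNCHECKED = 1 };

/* Hypothetical helper: copy n bytes only if the destination bound, when known, allows it. */
static enum copy_result
bounded_copy(void *dst, size_t dst_size, const void *src, size_t n)
{
    if (dst_size != SIZE_UNKNOWN && n > dst_size)
        return COPY_REFUSED;            /* a fortified libc would abort here */
    memcpy(dst, src, n);
    return dst_size == SIZE_UNKNOWN ? COPY_UNCHECKED : COPY_CHECKED;
}

/* The compiler substitutes the destination size at each call site. */
#define checked_copy(dst, src, n) \
    bounded_copy((dst), __builtin_object_size((dst), 0), (src), (n))

/* Destination is a fixed local array: its size is visible, so the check is active. */
enum copy_result
copy_into_fixed_buffer(const char *src, size_t n)
{
    char buf[8];
    return checked_copy(buf, src, n);
}

/* Destination is read from a volatile pointer: size unknown, so no check happens. */
enum copy_result
copy_via_opaque_pointer(const char *src, size_t n)
{
    char buf[8];
    char *volatile p = buf;
    return checked_copy(p, src, n);
}

int
main(void)
{
    printf("fits, size known:      %d\n", copy_into_fixed_buffer("abc", 4));
    printf("too large, size known: %d\n",
        copy_into_fixed_buffer("0123456789abcdef", 16));
    printf("fits, size unknown:    %d\n", copy_via_opaque_pointer("abc", 4));
    return 0;
}
```

The third case is the limit of this class of mitigation: a copy through a pointer whose object size the compiler cannot see goes unchecked.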