Integration of ProPolice in FreeBSD

Jeremie Le Hen jeremie at le-hen.org
Mon Jun 9 20:13:33 UTC 2008


Hi Ruslan, all,

On Wed, Apr 23, 2008 at 03:17:20PM +0200, Jeremie Le Hen wrote:
> Hi Antoine,
> 
> On Fri, Apr 18, 2008 at 04:37:06PM +0200, Antoine Brodin wrote:
> > Last time I looked at your patch, there was a problem when using
> > -fstack-protector-all instead of -fstack-protector:
> > when you compile lib/csu/*, gnu/lib/csu/*, or
> > src/lib/libc/sys/stack_protector.c with this flag, there is a kind of
> > chicken/egg problem and you end up with an unusable world.
> > That said, it would be great to be able to compile world with SSP when
> > an option is set in src.conf.
> 
> You were right.  I had a chance to test it this weekend.  Thank you for
> pointing this out.

I have had little spare time lately, which is why my follow-up has taken
so long.

Since this report from Antoine, my goal has been to be able to use
-fstack-protector-all when building world.  I hoped it would be quite
straightforward, IOW that preventing bootstrap functions from being
protected would be enough.  Unfortunately, it seems that building
libc_pic.a/libc.so with -fstack-protector-all breaks rtld in a very
twisted way that I'm unable to untangle for now.

Nonetheless, I really want to see this patch hit the tree before 8.x is
forked off.  It has existed for more than two years and I would like to
avoid delaying it further.  So I will go the easy path for now and
prevent libc from being built with -fstack-protector-all.

Here is what has changed since the previous patch:
- SSP is opt-out except for ia64; this is intended to trigger bugs.
  However this doesn't mean it will be enabled by default in stable
  releases.
- Thanks to Antoine, SSP related symbols are now compiled without stack
  protection itself.  This prevents a chicken and egg problem.
- lib/csu, gnu/lib/csu and libexec/rtld-elf are built without stack
  protection.

I'm looking forward to more review and testing of this patch in order
to get it committed soon.

Ruslan, would you mind reviewing the change in bsd.own.mk as well?

Thank you very much.
Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fbsd8-ssp.diff
Type: text/x-diff
Size: 19938 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20080609/104e70ed/fbsd8-ssp.bin
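
The chicken-and-egg problem mentioned in the message, as an added example (not taken from the attached patch or from FreeBSD's source): a hand-written model of the canary check the compiler inserts, showing one way that protecting the guard set-up routine itself makes start-up fail. All names (guard, fill_guard, setup_protected, run_startup) and the canary value are hypothetical.

```c
/* Added illustration: models by hand what -fstack-protector-all puts in
 * every function. Names are hypothetical, not FreeBSD's. */
#include <stdint.h>
#include <stdio.h>

static uintptr_t guard;   /* models __stack_chk_guard; zero until set up */
static int failures;      /* times the modelled __stack_chk_fail ran */

static void chk_fail(void) { failures++; }  /* the real one aborts */

/* Work of the guard set-up routine: choose the canary (constructed value). */
static void fill_guard(void) { guard = (uintptr_t)0x5a17c0de; }

/* Set-up routine built WITHOUT protection: no prologue or epilogue. */
static void setup_unprotected(void) { fill_guard(); }

/* Set-up routine built WITH protection (modelled). */
static void setup_protected(void)
{
    uintptr_t canary = guard;  /* prologue: copy guard into the frame */
    fill_guard();              /* body: the guard changes underneath it */
    if (canary != guard)       /* epilogue: frame copy no longer matches */
        chk_fail();
}

/* An ordinary protected function called after set-up. */
static int ordinary_protected(int x)
{
    uintptr_t canary = guard;
    int r = x * 2;
    if (canary != guard)
        chk_fail();
    return r;
}

/* Run one start-up scenario; return how often chk_fail fired. */
int run_startup(int protect_setup)
{
    guard = 0;
    failures = 0;
    if (protect_setup) setup_protected(); else setup_unprotected();
    (void)ordinary_protected(21);
    return failures;
}

int main(void)
{
    printf("set-up unprotected: %d failure(s)\n", run_startup(0));
    printf("set-up protected:   %d failure(s)\n", run_startup(1));
    return 0;
}
```

In the model only the set-up routine trips the check; functions that run after the guard is fixed pass, which is why excluding just the SSP support code is enough to break the cycle.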

