Activating libssp
Jeremie Le Hen
jlh at FreeBSD.org
Mon May 28 21:22:46 UTC 2012
Hi Mel,
On Sun, May 27, 2012 at 08:15:02PM +0200, Mel Flynn wrote:
> Hi,
>
> for a port, I'm seeing:
> #ifdef _FORTIFY_SOURCE
> ...
> #endif
>
> I did a bit of reading (http://wiki.debian.org/Hardening) for example,
> searching through /usr/share/mk/* /usr/include/libssp, /usr/src/gnu/libssp.
>
> However, it's not clear to me, where the magic is that pulls in the
> libssp library that is in /lib.
>
> Also - it seems to be part of gcc, so does that mean on systems without
> gcc, that this library is not available or does clang have a variant?
gnu/lib/libssp is built for compatibility reasons. See
http://svnweb.freebsd.org/base?view=revision&revision=169718
Our libc provides the necessary symbols.
http://svnweb.freebsd.org/base/head/lib/libc/sys/stack_protector.c
> I do see -fstack-protector is added to CFLAGS by default, so I'm
> thinking there's some magic somewhere, but I'm just missing the docs
> that tell me "if you add foo to CFLAGS then bar will happen, unless baz".
I'm not sure what you mean, but -fstack-protector is documented in GCC
documentation, I suppose it's the same for Clang but I didn't check.
You can disable it on FreeBSD by setting WITHOUT_SSP in src.conf(5).
--
Jeremie Le Hen
Men are born free and equal. Later on, they're on their own.
Jean Yanne
More information about the freebsd-hackers
mailing list