[CFdiscussion] ports and FORTIFY_SOURCE

[Chris H]

On Wed, 2 Sep 2015 17:12:39 +0200 Baptiste Daroussin <bapt at FreeBSD.org> wrote

> On Mon, Aug 31, 2015 at 01:34:06PM -0500, Pedro Giffuni wrote:
> > Dear ports developers;
> > 
> > This year I mentored Oliver Pinter's GSoC project [1] to port
> > FORTIFY_SOURCE to FreeBSD. The project was more complex than we
> > thought initially but it was successful.
> > 
> > For those of you that haven't heard of it, it's a trick supported by 
> > libc to enable bounds-checking on common string and memory functions.
> > The code has gone through extensive testing with both clang and the
> > base gcc. It should work fine with newer gcc but it is untested there.
> > 
> > To activate it you will just need to add -D_FORTIFY_SOURCE=1 (or 2) in
> > the CFLAGS and that will transparently add the extra checks. The code
> > is non invasive but some ports (firefox, emacs) actually choose to run
> > with this flag on by default and an exp-run found some errors in those
> > cases.
> > 
> > There are currently two remaining PRs with patches for mail/ifile 
> > (202572) and net-p2p/namecoin (2012603), getting those committed soon
> > would avoid traumas in the ports tree once FORTIFY_SOURCE is committed.
> > 
> > In the future it would be nice to support a flag within ports to enable
> > or disable this extra flag for specific ports. I am unsure exactly how
> > to do it, it could be something as simple as
> > 
> > USE_FORTIFY=    yes
> > or as complex as
> > USES=     compiler:fortify=0
> > (0 disables it, 1 is standard for clang. 2 is standard for gcc)
> > 
> IMHO it should be done the exact same way as SSP was added. meaning always
> activated and ports that are not playing safely with it should explicitly
> disable it via:
> FORTIFY_UNSAFE=yes
> 
> and a WITHOUt_FORTIFY (like we have a WITHOUT_SSP) should be added for people
> willing to entirely remove it.

+1

and thanks for suggesting it Baptiste.

> 
> Bapt

--Chris