How to turn off SSP stack-protector on 11.0S

Konstantin Belousov kostikbel at gmail.com
Tue Nov 29 09:22:09 UTC 2016 

On Tue, Nov 29, 2016 at 12:32:28PM +1100, Dewayne Geraghty wrote:
> Is WITHOUT_SSP actually honoured and is building a world and/or ports
> without SSP possible? Advise/suggestions appreciated.
> 
> Amongst the 9 different server configurations that we build/support, we've
> been asked to build a machine dedicated to PROLOG use.  (yes really).
> 
> As such we're trying to turn off everything that isn't needed for this
> particular server.  For those concerned with security, it is an air-gap
> machine receiving data via usb.
> 
> We've built/installed 11.0S from source.  Now we're building the custom
> server.  However, even with WITHOUT_SSP= in both /etc/make.conf and
> /etc/src.conf, we come up against little issues like:
> "can not find /usr/lib/libssp_nonshared.a"
So, does your host have /usr/lib/libssp_nonshared.a ?  How did you installed
11.0, and what does designator 11.0S above mean ?

Easy way out is to claim that r307146 should help you, but I suspect that
there is something more broken in your configuration or build/install
method.

> 
> An example:
> Stage 2.3: build tools
> ===> bin/csh (obj,build-tools)
> grep 'ERR_' /usr/src/bin/csh/../../contrib/tcsh/sh.err.c | grep '^#define'
> >> sh.err.h
> cc -E -O2 -pipe -g0 -ggdb0 -DSTRIP_FBSDID -UDEBUGGING -UDEBUG
> -DUSB_HAVE_DISABLE_ENUM -I. -I/usr/src/bin/csh
> -I/usr/src/bin/csh/../../contrib/tcsh -D_PATH_TCSHELL='"/bin/csh"' -g
> -std=gnu99 -Qunused-arguments
> -I/usr/obj/prod/110001/D/K8/usr/src/tmp/legacy/usr/include
> /usr/src/bin/csh/../../contrib/tcsh/tc.const.c
> /usr/src/bin/csh/../../contrib/tcsh/sh.char.h /usr/src/bin/csh/config.h
> /usr/src/bin/csh/../../contrib/tcsh/config_f.h
> /usr/src/bin/csh/../../contrib/tcsh/sh.types.h sh.err.h -D_h_tc_const |
> grep 'Char STR' |  sed -e 's/Char \([a-zA-Z0-9_]*\)\(.*\)/extern Char
> \1[];/' |  sort >> tc.const.h
> cc -o gethost  -L/usr/obj/prod/110001/D/K8/usr/src/tmp/legacy/usr/lib -O2
> -pipe -g0 -ggdb0 -DSTRIP_FBSDID  -UDEBUGGING -UDEBUG
> -DUSB_HAVE_DISABLE_ENUM -I. -I/usr/src/bin/csh
> -I/usr/src/bin/csh/../../contrib/tcsh -D_PATH_TCSHELL='"/bin/csh"' -g
> -std=gnu99 -Qunused-arguments
> -I/usr/obj/prod/110001/D/K8/usr/src/tmp/legacy/usr/include
> /usr/src/bin/csh/../../contrib/tcsh/gethost.c
> /usr/bin/ld: cannot find /usr/lib/libssp_nonshared.a
> cc: error: linker command failed with exit code 1 (use -v to see invocation)
> *** [gethost] Error code 1
> 
> Note the
> /usr/bin/ld: cannot find /usr/lib/libssp_nonshared.a
> 
> It seems that the linker is trying to use the above library during the
> build of all static images/executables.

P.S. Toolchain@ is the place where you more likely to get a useful feedback.

More information about the freebsd-toolchain mailing list