Differential D3448

[1/N] FORTIFY_SOURCE: basic requirements and framework
AbandonedPublic
Actions

Authored by op on Aug 21 2015, 8:01 PM.

Tags

Referenced Files

	Unknown Object (File)
	Tue, Oct 7, 8:43 PM

	Unknown Object (File)
	Sat, Oct 4, 2:55 AM

	Unknown Object (File)
	Fri, Oct 3, 1:36 AM

	Unknown Object (File)
	Wed, Sep 17, 4:03 AM

	Unknown Object (File)
	Tue, Sep 16, 5:00 PM

	Unknown Object (File)
	Tue, Sep 16, 4:42 PM

	Unknown Object (File)
	Sep 13 2025, 10:24 AM

	Unknown Object (File)
	Sep 13 2025, 4:06 AM

Subscribers

Details

Reviewers

Group Reviewers

Summary

add required defines and logic to sys/cdefs.h
add required defines and logic to include/secure/security.h
hook in to mtree
factor out the common parts from SSP, and make them common
added new build knob, and make them by default _disabled_

Test Plan

echo "WITH_FORTIFY=" >> /etc/src.conf
make buildworld

Diff Detail

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

op updated this revision to Diff 8105.Aug 21 2015, 8:01 PM

op retitled this revision from to [1/N] FORTIFY_SOURCE: basic requirements and framework.

op updated this object.

op edited the test plan for this revision. (Show Details)

op added reviewers: fortify source, pfg.

op added a project: fortify source.

Herald added subscribers: emaste, bdrewery. · View Herald TranscriptAug 21 2015, 8:01 PM

op edited the test plan for this revision. (Show Details)Aug 21 2015, 8:02 PM

Missing the *_chk functions, without them nothing works.

lib/libc/secure/Symbol.map
11	Empty lists can be dropped (seen in the resolver).
share/mk/bsd.sys.mk
156	This is unnecessary at this time. I only want the libc support built in by default.
sys/sys/cdefs.h
556	Perhaps a parenthesis for the middles expression would look better even if it isn't strictly necessary.
tools/build/options/WITH_FORTIFY
1	Not necessary at this time.

op added a child revision: D3449: [2/N] FORTIFY_SOURCE: #undef _FORTIFY_SOURCE to avoid infinite recursion.Aug 21 2015, 8:17 PM

op added a child revision: D3450: [3/N] FORTIFY_SOURCE: disable the FORTIFY_SOURCE on programs, which depends on libstand or knowly not compiles with FORTIFTY_SOURCE.Aug 21 2015, 8:35 PM

op added a child revision: D3452: [4/N] FORTIFY_SOURCE: add sys/poll.h related fortified functions: __poll_chk and __ppoll_chk.Aug 21 2015, 9:35 PM

op abandoned this revision.Sep 21 2015, 10:49 AM

Revision Contents
Changeset List

Path

Size

etc/

mtree/

BSD.include.dist

2 lines

include/

2 lines

secure/

6 lines

93 lines

lib/

libc/

secure/

10 lines

17 lines

fortify_source.c

41 lines

secure_common.c

80 lines

stack_protector.c

40 lines

share/

mk/

1 line

10 lines

sys/

sys/

20 lines

tools/

build/

options/

4 lines

Diff 8105

etc/mtree/BSD.include.dist

Loading...

include/Makefile

Loading...

include/secure/Makefile

Loading...

include/secure/security.h

Loading...

lib/libc/secure/Makefile.inc

Loading...

lib/libc/secure/Symbol.map

Loading...

lib/libc/secure/fortify_source.c

Loading...

lib/libc/secure/secure_common.c

Loading...

lib/libc/secure/stack_protector.c

Loading...

share/mk/bsd.opts.mk

Loading...

share/mk/bsd.sys.mk

Loading...

sys/sys/cdefs.h

Loading...

tools/build/options/WITH_FORTIFY

Loading...