Diffusion FreeBSD src repository - subversion rS180012

Enable GCC stack protection (aka Propolice) for userland:
rS180012Unpublished
Actions

Tags

None

Referenced Files

None

Subscribers

None

Unpublished Commit · Learn More

No further details are available.

Description

Enable GCC stack protection (aka Propolice) for userland:

It is opt-out for now so as to give it maximum testing, but it may be turned opt-in for stable branches depending on the consensus. You can turn it off with WITHOUT_SSP.
WITHOUT_SSP was previously used to disable the build of GNU libssp. It is harmless to steal the knob as SSP symbols have been provided by libc for a long time, GNU libssp should not have been much used.
SSP is disabled in a few corners such as system bootstrap programs (sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
It should be safe to use -fstack-protector-all to build world, however libc will be automatically downgraded to -fstack-protector because it breaks rtld otherwise.
This option is unavailable on ia64.

Enable GCC stack protection (aka Propolice) for kernel:

It is opt-out for now so as to give it maximum testing.
Do not compile your kernel with -fstack-protector-all, it won't work.

Submitted by: Jeremie Le Hen <jeremie@le-hen.org>

Details

Provenance

ru	Authored on

Parents

rS180011: Use "__asm __volatile" rather than "__asm" for instruction sequences

Branches

Unknown

Tags

Unknown

Event Timeline

lffpires_ruabrasil.org mentioned this in D15283: Created static pic libc with no SSP to be used by rtld.May 3 2018, 9:14 PM

Changes (37)

Path

Size

head/

gnu/

lib/

csu/

libssp/

lib/

csu/

libc/

libstand/

libthr/

libexec/

rtld-elf/

release/

picobsd/

build/

rescue/

librescue/

rescue/

share/

mk/

sys/

boot/

arm/

at91/

efi/

i386/

loader/

ia64/

common/

efi/

ski/

ofw/

pc98/

loader/

powerpc/

ofw/

sparc64/

loader/

uboot/

conf/

kern/

stack_protector.c

tools/

build/

options/

rS180012

head/Makefile.inc1

Loading...

head/gnu/lib/Makefile

Loading...

head/gnu/lib/csu/Makefile

Loading...

head/gnu/lib/libssp/Makefile

Loading...

head/lib/csu/Makefile.inc

Loading...

head/lib/libc/Makefile

Loading...

head/lib/libstand/Makefile

Loading...

head/lib/libthr/Makefile

Loading...

head/libexec/rtld-elf/Makefile

Loading...

head/release/Makefile

Loading...

head/release/picobsd/build/picobsd

Loading...

head/rescue/librescue/Makefile

Loading...

head/rescue/rescue/Makefile

Loading...

head/share/mk/bsd.sys.mk

Loading...

head/sys/boot/Makefile.inc

Loading...

head/sys/boot/arm/Makefile.inc

Loading...

head/sys/boot/arm/at91/Makefile.inc

Loading...

head/sys/boot/efi/Makefile.inc

Loading...

head/sys/boot/i386/Makefile.inc

Loading...

head/sys/boot/i386/loader/Makefile

Loading...

head/sys/boot/ia64/Makefile.inc

Loading...

head/sys/boot/ia64/common/Makefile

Loading...

head/sys/boot/ia64/efi/Makefile

Loading...

head/sys/boot/ia64/ski/Makefile

Loading...

head/sys/boot/ofw/Makefile.inc

Loading...

head/sys/boot/pc98/Makefile.inc

Loading...

head/sys/boot/pc98/loader/Makefile

Loading...

head/sys/boot/powerpc/Makefile.inc

Loading...

head/sys/boot/powerpc/ofw/Makefile

Loading...

head/sys/boot/sparc64/Makefile.inc

Loading...

head/sys/boot/sparc64/loader/Makefile

Loading...

head/sys/boot/uboot/Makefile.inc

Loading...

head/sys/conf/files

Loading...

head/sys/conf/kern.mk

Loading...

head/sys/conf/kern.pre.mk

Loading...

head/sys/kern/stack_protector.c

Loading...

head/tools/build/options/WITHOUT_SSP

Loading...