hi is there any way to build 4.8 release with this fstack protection? or atleast some ports is there any good info on this? the only page i found was that ibm page but it seemed outdated. //martin
On Tue, 8 Apr 2003, Martin Larsson wrote:> hi is there any way to build 4.8 release with this fstack protection? > or atleast some ports is there any good info on this? the only page i found was that ibm page but it seemed outdated. > > //martin > > _______________________________________________ > freebsd-security@freebsd.org mailing listThe instructions shouldn't need much updating, things haven't changed all that much. Take a stab at it, post instructions once you have it working. :) (When I last tried it on a 4.7 box, it did require a bit of tweaking to the patch, but it wasn't too major. The big issue was to not repeatedly apply the patch, as patch is dumb, and it kept appending the newly added stack protector patch file to itself each time. That confused me greatly at the time.) Mike "Silby" Silbersack
On Fri, 11 Apr 2003, Martin Blapp wrote:> Can't we add this to the gcc in the base_system for CURRENT ? > > It seems that OpenBSD 3.3 will contain this too as they > mention. > > Martin > > Martin Blapp, <mb@imp.ch> <mbr@FreeBSD.org>That'd work, except that then be dependant on the patch continuing to work during every gcc upgrade. One possible solution would be to have a gcc-ssp port which would build a SSP version of the base system's compiler, and call it gcc-ssp or something. Then we could make certain ports depend on using it, perhaps. The _real_ solution is for the gcc guys to integrate it into gcc 3.3, but I'm not sure how that could be made to happen. Mike "Silby" Silbersack
On Sat, 19 Apr 2003, Kris Kennaway wrote:> Yes, it was to do with module loading. I think the XFree86 module > build ignored CFLAGS, so the modules were not built with > -fstack-protector.The modules use MODCFLAGS and MODULE_CFLAGS instead. I'm familair with the XFree86 loader, and would be willing to work with someone familiar with the -fstack-protector part to fix this. Stuart Stuart R. Anderson anderson@netsweng.com Network & Software Engineering http://www.netsweng.com/ 1024D/37A79149: 0791 D3B8 9A4C 2CDC A31F BD03 0A62 E534 37A7 9149