Current-Users archive
Re: HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386
On Wed, Nov 11, 2009 at 01:30:34PM -0500, Thor Lancelot Simon wrote:
> > Is there any benefit to recompiling packages? Do libraries and binaries
> > built on machines with and w/o ssp interoperate when mingled?
>
> Do the default compilation flags for pkgsrc turn on stack protection
> now?
No, the change is specifically designed to limit (automatic) SSP to the
NetBSD source tree. Determining how to add SSP support to "pkgsrc" in
a sensible way is on my (long) list of projects.
> Many of the system libraries have been compiled with stack
> protection ...
I don't think so. The only place where SSP is turned on is in this bit of
makefile code in "bsd.sys.mk":
.if defined(USE_SSP) && (${USE_SSP} != "no") && (${BINDIR:Ux} != "/usr/mdec")
.if ${HAS_SSP} == "yes"
COPTS+= -fstack-protector -Wstack-protector --param ssp-buffer-size=1
.endif
.endif
There is nothing in "src/lib" which turns on "-fstack-protector". There
are only places where "-Wno-stack-protector" is used to avoid build
failures caused by dynamic stack allocations.
> To the extent of my knowledge there is no problem with library
> interoperation.
That is my knowledge as well.
Kind regards
--
Matthias Scheler http://zhadum.org.uk/
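
Added example (not part of the original message and not NetBSD project code): one way to check which built objects actually picked up "-fstack-protector" is to look for GCC's SSP runtime symbols in nm(1) output. The function names classify_symbols and ssp_status are hypothetical, and the sample symbol lines are constructed.

```sh
#!/bin/sh
# Added example: which objects reference GCC's SSP runtime symbols?

# classify_symbols: read `nm` output on stdin and print one verdict:
#   ssp     - undefined (U) reference: code here was instrumented
#   defined - symbol only defined here (libc, or a static binary)
#   none    - no SSP symbols (nothing instrumented, or the flag was off)
classify_symbols() {
    awk '
        NF < 2 { next }                    # blank lines, "file.o:" headers
        {
            # nm prints "[address] type name"; take the last two fields
            name = $NF; type = $(NF - 1)
            sub(/@.*/, "", name)           # drop "@VERSION" suffixes
        }
        name ~ /^__stack_chk_(fail|fail_local|guard)$/ {
            if (type == "U") used = 1; else defined = 1
        }
        END {
            if (used) print "ssp"
            else if (defined) print "defined"
            else print "none"
        }'
}

# ssp_status FILE...: classify each file; "unknown" if nm reads nothing.
ssp_status() {
    for f in "$@"; do
        # -D reads the dynamic table, which survives strip(1)
        syms=$( { nm -D "$f"; nm "$f"; } 2>/dev/null )
        if [ -z "$syms" ]; then
            printf '%s: unknown\n' "$f"
        else
            printf '%s: %s\n' "$f" "$(printf '%s\n' "$syms" | classify_symbols)"
        fi
    done
}

if [ "$#" -gt 0 ]; then
    ssp_status "$@"
else
    # Constructed sample of nm output for an instrumented program.
    printf '%s\n' '                 U __stack_chk_fail' \
                  '0000000000001139 T main' | classify_symbols
fi
```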