Current-Users archive

Re: HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386

On Wed, Nov 11, 2009 at 01:30:34PM -0500, Thor Lancelot Simon wrote:
> > Is there any benefit to recompiling packages? Do libraries and binaries
> > built on machines with and w/o ssp interoperate when mingled?
> Do the default compilation flags for pkgsrc turn on stack protection
> now?

No, the change is specifically designed to limit (automatic) SSP to the
NetBSD source tree. Determining how to add SSP support to "pkgsrc" in
a sensible way is on my (long) list of projects.

> Many of the system libraries have been compiled with stack
> protection ...

I don't think so. The only place where SSP is turned on is this bit of
makefile code in "":

.if defined(USE_SSP) && (${USE_SSP} != "no") && (${BINDIR:Ux} != "/usr/mdec")
.if ${HAS_SSP} == "yes"
COPTS+=         -fstack-protector -Wstack-protector --param ssp-buffer-size=1

There is nothing in "src/lib" which turns on "-fstack-protector". There
are only places where "-Wno-stack-protector" is used to avoid build
failures caused by dynamic stack allocations.

> To the extent of my knowledge there is no problem with library
> interoperation.

That is my knowledge as well.

        Kind regards

Matthias Scheler                        
