Re: Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)

[Steven Bellovin <smb%cs.columbia.edu@localhost>]

On Nov 13, 2009, at 6:21 AM, Jukka Ruohonen wrote:

> On Thu, Nov 12, 2009 at 06:04:20PM -0500, Steven Bellovin wrote:
>> In the meantime, is there something I can put into mk.conf to enable it
>> when I do my own builds?  What about for pkgsrc builds?
> 
> Something like
> 
> .if defined(BSD_PKG_MK)
> CFLAGS+=-fstack-protector-all
> CXXFLAGS+=${CFLAGS}
> .endif

Thanks.
> 
> Note that quite a few packages break with SSP.


Hmm -- why?  Buffer overflows that haven't been exploited yet?

                --Steve Bellovin, http://www.cs.columbia.edu/~smb