Source-Changes archive


Re: CVS commit: src

> Module Name:  src
> Committed By: tls
> Date:         Mon May 28 12:06:43 UTC 2007
> Modified Files:

> Log Message:
> Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
> FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
> various string and memory copy and set functions (as well as a few system
> calls and other miscellany) where known at function entry.  RedHat has
> evidently built all "core system packages" with this option for some time.
> This option should be used at the top of Makefiles (or where
> this is used for subdirectories) but after any setting of LIB.
> This is only useful for userland code, and cannot be used in libc or in
> any code which includes the libc internals, because it overrides certain
> libc functions with macros.  Some effort has been made to make USE_FORT=yes
> work correctly for a full-system build by having the logic
> disable the feature where it should not be used (libc, libssp itself,
> the kernel) but no attempt has been made to build the entire system with
> USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.
> Adjust the system build so that all programs and libraries that are setuid,
> directly handle network data (including serial comm data), perform
> authentication, or appear likely to have (or have a history of having)
> data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
> with the exception of libc, which cannot use USE_FORT and thus uses
> only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
> per-directory or in a system build will disable if desired.

where was it proposed?
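
An added illustration of the mechanism the quoted log message describes (not code from the commit or from libssp): a copy function is overridden by a macro that passes the destination size along when the compiler knows it, and the checked function refuses a copy that would not fit. The demo_* names are hypothetical, the sketch counts violations where a fortified build would abort, and it assumes GCC or Clang for __builtin_object_size.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* All demo_* names are hypothetical; they are not libssp identifiers. */
#define DEMO_UNKNOWN ((size_t)-1)  /* builtin's answer when the size is not known */

static int demo_violations;        /* a fortified build aborts; the demo counts */

/* Checked copy: refuses the call when len exceeds a known destination size. */
static void *demo_memcpy_chk(void *dst, const void *src, size_t len, size_t dstsize)
{
    if (dstsize != DEMO_UNKNOWN && len > dstsize) {
        demo_violations++;
        return dst;                /* nothing is written */
    }
    return memcpy(dst, src, len);  /* size unknown or sufficient: plain copy */
}

/* Macro override of the call site: the reason such a header cannot be used
 * inside the C library that defines the real function. */
#define demo_memcpy(dst, src, len) \
    demo_memcpy_chk((dst), (src), (len), __builtin_object_size((dst), 0))

/* Constructed input, longer than any destination buffer below. */
static const char demo_input[] = "AAAAAAAAAAAAAAAAAAAAAAA";

static int demo_copy_fits(void)      /* 4 bytes into char[8]: allowed */
{
    char buf[8];
    int before = demo_violations;
    demo_memcpy(buf, demo_input, 4);
    return demo_violations - before;
}

static int demo_copy_overflows(void) /* whole input into char[8]: rejected */
{
    char buf[8] = {0};
    int before = demo_violations;
    demo_memcpy(buf, demo_input, sizeof demo_input);
    return demo_violations - before;
}

int main(void)
{
    printf("fits: %d rejected call(s)\n", demo_copy_fits());
    printf("overflows: %d rejected call(s)\n", demo_copy_overflows());
    return 0;
}
```

When the destination size is not known at the call site, the builtin yields (size_t)-1 and the copy goes through unchecked, which matches the log message's "where known at function entry".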

