tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CFLAGS='-fstack-protector -D_FORTIFY_SOURCE=2'



On Wed, 21 Jan 2009 18:56:40 -0500
Thor Lancelot Simon <tls%rek.tjls.com@localhost> wrote:

> On Wed, Jan 21, 2009 at 05:32:33PM -0500, Ed Ravin wrote:
> >
> > At the advice of one of the denizens of this list, I've started
> > doing all my local builds with -fstack-protector (Stackguard)
> > and -D_FORTIFY_SOURCE=2 (runtime bounds checking).
> > 
> > Are there any plans to use these flags in the default builds of
> > NetBSD or in pkgsrc?
> 
> Much of NetBSD is already built that way (you can build all of it that
> way by setting USE_FORT and USE_SSP and running a build).  I don't
> know about pkgsrc.
> 

That's some useful information I didn't know.
I see that USE_SSP is documented in share/mk/bsd.README, but I can't
find the same for USE_FORT.
Is it then not necessary to specify both?
What's the implication of omitting USE_FORT?

-
George.


Home | Main Index | Thread Index | Old Index