Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386



On Wed, Nov 11, 2009 at 04:55:07PM +0000, Matthias Scheler wrote:
> I've just enabled Stack Smash Protection by default for NetBSD/amd64
> and NetBSD/i386 in current. As a result kernels and userland will be
> build with "-fstack-protector" and eventually also "-Wstack-protector".
> I've tested full release builds of both ports on a NetBSD/i386 machine
> which uses SSP userland and kernel.
> 
> SSP will result in a slowdown of about 5%, please read this thread
> for more details:
> 
>       http://mail-index.netbsd.org/port-i386/2009/10/18/msg001465.html
> 
> You can still build NetBSD/amd64 and NetBSD/i386 with SSP turned off
> by adding "USE_SSP=no" to "/etc/mk.conf" or by using the command line
> argument "-V USE_SSP=no" when invoking "build.sh".

I've improved the makefile settings in the meantime:

USE_SSP_DEFAULT=no      Old behavior where "libc" and certain daemons
                        (e.g. "ypserv") get built with SSP, but the
                        rest of the source tree (including kernels)
                        get built without SSP.

USE_SSP=no              Turn off SSP completely. This is however *not*
                        the previous behaviour

        Kind regards

-- 
Matthias Scheler                                  http://zhadum.org.uk/

Attachment: pgpekyyYyjVwf.pgp
Description: PGP signature



Home | Main Index | Thread Index | Old Index