Subject: Re: CVS commit: src
To: None <tls@netbsd.org>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: source-changes
Date: 05/30/2007 07:21:34

> Module Name:	src
> Committed By:	tls
> Date:		Mon May 28 12:06:43 UTC 2007
> 
> Modified Files:

> Log Message:
> Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
> FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
> various string and memory copy and set functions (as well as a few system
> calls and other miscellany) where known at function entry.  RedHat has
> evidently built all "core system packages" with this option for some time.
> 
> This option should be used at the top of Makefiles (or Makefile.inc where
> this is used for subdirectories) but after any setting of LIB.
> 
> This is only useful for userland code, and cannot be used in libc or in
> any code which includes the libc internals, because it overrides certain
> libc functions with macros.  Some effort has been made to make USE_FORT=yes
> work correctly for a full-system build by having the bsd.sys.mk logic
> disable the feature where it should not be used (libc, libssp itself,
> the kernel) but no attempt has been made to build the entire system with
> USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.
> 
> Adjust the system build so that all programs and libraries that are setuid,
> directly handle network data (including serial comm data), perform
> authentication, or appear likely to have (or have a history of having)
> data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
> with the exception of libc, which cannot use USE_FORT and thus uses
> only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
> per-directory or in a system build will disable if desired.

where was it proposed?

YAMAMOTO Takashi
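
An added illustration of the mechanism the quoted log message describes, not code from the commit, libssp or NetBSD: a macro overrides the copy call and passes along the destination size the compiler knows, obtained with the GCC/Clang `__builtin_object_size` builtin. All `demo_*` names are hypothetical, and the check returns -1 where a fortify runtime would abort the process.

```c
/* Added illustration; not libssp or NetBSD source. All names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Value __builtin_object_size() yields when the size is not known. */
#define SIZE_UNKNOWN ((size_t)-1)

/*
 * Checked copy: refuse when the compiler-known destination size is too
 * small. A fortify runtime would abort the process at this point; the
 * demo returns -1 so the outcome can be inspected.
 */
static int demo_memcpy_chk(void *dst, const void *src, size_t len, size_t dstsize)
{
    if (dstsize != SIZE_UNKNOWN && len > dstsize)
        return -1;              /* would overflow dst: copy nothing */
    memcpy(dst, src, len);
    return 0;
}

/* The "override with a macro" step: the call site supplies the size. */
#define DEMO_MEMCPY(dst, src, len) \
    demo_memcpy_chk((dst), (src), (len), __builtin_object_size((dst), 0))

/* Size the compiler reports for a local 8-byte array. */
static size_t demo_known_size(void)
{
    char buf[8];
    return __builtin_object_size(buf, 0);
}

/* Copy len bytes of constructed input into a local 8-byte buffer. */
static int demo_copy(size_t len)
{
    static const char input[32] = "constructed-sample-input";
    char buf[8];
    return DEMO_MEMCPY(buf, input, len);
}

int main(void)
{
    if (demo_known_size() != 8)
        return 1;               /* size not visible: skip the demo */
    printf("copy  8 bytes -> %d\n", demo_copy(8));
    printf("copy 16 bytes -> %d\n", demo_copy(16));
    return 0;
}
```

Because the size is captured by a macro at the call site, the same header cannot be applied to the code that defines the real functions, which matches the log message's restriction on libc and libc internals.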