tech-pkg archive


Re: Improving security for pkgsrc



On Jul 18,  7:14pm, Pierre Pronchery wrote:
} On 07/18/15 18:56, Joerg Sonnenberger wrote:
} > On Sat, Jul 18, 2015 at 06:38:09PM +0200, Pierre Pronchery wrote:
} >> 1. Building with stack smashing protection: (SSP)
} >>
} >>   +_GCC_CFLAGS+=  -fstack-protector
} >>
} >> This one is already described in NetBSD's build process; for a minor
} >> performance penalty, the compiler will have a canary checked to be
} >> present unmodified on the stack, thereby helping with the mitigation
} >> of stack-based buffer overflows.
} > 
} > It has been shown to be pretty weak in practice, so YMMV.
} 
} Maybe, but meanwhile:
} 
} 1997 First implementation for GCC
} 1998 First publication at USENIX
} 1998 By default in Immunix Linux
} 2001 IBM writes ProPolice
} 2003 Ready for GCC 3.x
} 2005 RedHat improves further for GCC 4.1
} 2005 MSVC has it by default
} 2006 Fedora Core 5 enables it by default
} 2006 Ubuntu 6.10 enables it by default
} 2009 FreeBSD enables it by default in the base system
} 2011 ArchLinux enables it by default in packages
} 2012 Google improves some more
} 2013 Fedora Core 20 strengthens the default
} 2014 ArchLinux strengthens the default
} 
} ???? OpenBSD uses it
} ???? Hardened Gentoo also
} ???? DragonFlyBSD as well
} 
} I know that it does not mean it is a silver bullet, but it seems to be
} more than mature, and a significant number of community- and
} enterprise-driven projects have embraced it. And then, most are using
} more aggressive versions even. Personally, I consider it
} state-of-the-art, and we should at least provide the option.

     In the case of base:

-----
revision 1.138
date: 2006-11-09 09:06:54 -0800;  author: christos;  state: Exp;  lines: +5 -1;
Add ssp glue.
-----

     And, this is where it was enabled by default:

-----
revision 1.143
date: 2007-05-28 05:06:23 -0700;  author: tls;  state: Exp;  lines: +15 -5;
Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.
[snip]
-----

That is from src/share/mk/bsd.sys.mk.  There is plenty of work done
later to beef it up, but that is the initial commit.

     As for pkgsrc, stuff like this would need to be done on a
package-by-package basis, since I suspect that it would break some
packages.

}-- End of excerpt from Pierre Pronchery

