
increase security/safety checks for SSP and FORTIFY
Needs Review, Public

Authored by netchild on Sat, Jan 11, 2:15 PM.

Details

Reviewers
None
Group Reviewers
fortify source
security
Summary

SSP:
add stack clash protection, see

https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
https://developers.redhat.com/blog/2020/05/22/stack-clash-mitigation-in-gcc-part-3
https://blog.llvm.org/posts/2021-01-05-stack-clash-protection/

FORTIFY:
add some compile time checks for arrays, see

https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
Test Plan

All of this has been running for some months on a jail host with mysql, postgresql,
redis, named, unbound, openldap, postfix, rspamd, dovecot, php 8.3,
python, various java based services, squid, nginx, samba, ...

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped