On 9/21/2013 5:49 AM, Bryan Drewery wrote: > Ports now support enabling Stack Protector [1] support on FreeBSD 10 > i386 and amd64, and older releases on amd64 only currently. > > Support may be added for earlier i386 releases once all ports properly > respect LDFLAGS. > > To enable, just add WITH_SSP=yes to your make.conf and rebuild all ports. > > The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all > may optionally be set instead. > > Please help test this on your system. We would like to eventually enable > this by default, but need to identify any major ports that have run-time > issues due to it. > > [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection > We have not had any feedback on this yet and want to get it enabled by default for ports and packages. We now have a repository that you can use rather than the default to help test. We need your help to identify any issues before switching the default. This repository is available for: head 10.0 9.1,9.2,9.3 It is not available for 8.4. If someone is willing to test on 8.4 I will build a repository for it. Place this in /usr/local/etc/pkgs/repos/FreeBSD_ssp.conf: FreeBSD: { enabled: no } FreeBSD_ssp: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/ssp", mirror_type: "srv", signature_type: "fingerprints", fingerprints: "/usr/share/keys/pkg", enabled: yes } Once that is done you should force reinstall packages from this repository: pkg update pkg upgrade -f Thanks for your help! Bryan Drewery On behalf of portmgr.
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:51 UTC