Tuesday, September 24, 2013

CFT: Ports Now Have Stack Protector Support

Bryan Drewery recently announced a call for testing as FreeBSD Ports now support enabling Stack Protector on FreeBSD 10 i386 and amd64. Currently, on older releases, only amd64 is supported, though support may be added for earlier i386 releases once all ports properly respect LDFLAGS.

To enable this support,  add WITH_SSP=yes to make.conf and rebuild all installed ports. The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all may optionally be set instead.

Testers are needed to help identify any major ports that have run-time issues. The plan is to eventually enable support by default. If you find any problematic ports, you can assist by submitting a problem report.

1 comment:

  1. Patches have been published to add fstack-protector-strong to ports