FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F9.3 2009-07-14T21:19:13Z 2009-07-14T21:19:13Z Alexander Kabaev kan@FreeBSD.org 2009-07-14T21:19:13Z urn:sha1:2286fe763592aa13d320186bf3e233a560af749b compiled with stack protector. Use libssp_nonshared library to pull __stack_chk_fail_local symbol into each library that needs it instead of pulling it from libc. GCC generates local calls to this function which result in absolute relocations put into position-independent code segment, making dynamic loader do extra work every time given shared library is being relocated and making affected text pages non-shareable. Reviewed by: kib Approved by: re (kib) 2009-06-29T01:33:59Z Alexander Kabaev kan@FreeBSD.org 2009-06-29T01:33:59Z urn:sha1:d48890cfb8cf92f9f2d49763781b20fd01e1e9d4 Approved by: re (impliciti, by approving previos check-in) 2009-06-28T23:51:39Z Alexander Kabaev kan@FreeBSD.org 2009-06-28T23:51:39Z urn:sha1:a162c9ae9c55a9593b15ef618f4df0a045e39dbd Use libssp_nonshared library to pull __stack_chk_fail_local symbol into each library that needs it instead of pulling it from libc. GCC generates local calls to this function which result in absolute relocations put into position-independent code segment, making dynamic loader do extra work everys time given shared library is being relocated and making affected text pages non-shareable. Reviewed by: kib Approved by: re (kensmith) 2009-02-24T16:14:15Z Ruslan Ermilov ru@FreeBSD.org 2009-02-24T16:14:15Z urn:sha1:107e14e304ca79f541f39b0be352ae3beacab771 Noticed by: tegge 2009-02-21T15:04:31Z Ruslan Ermilov ru@FreeBSD.org 2009-02-21T15:04:31Z urn:sha1:d9ca85fca7bd0972742fae2a4c2d0ae6269ec059 Submitted by: Jeremie Le Hen 2008-06-25T21:33:28Z Ruslan Ermilov ru@FreeBSD.org 2008-06-25T21:33:28Z urn:sha1:042df2e2dadea9f43b62b79ed97534c0eecf1dad - It is opt-out for now so as to give it maximum testing, but it may be turned opt-in for stable branches depending on the consensus. You can turn it off with WITHOUT_SSP. - WITHOUT_SSP was previously used to disable the build of GNU libssp. It is harmless to steal the knob as SSP symbols have been provided by libc for a long time, GNU libssp should not have been much used. - SSP is disabled in a few corners such as system bootstrap programs (sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves. - It should be safe to use -fstack-protector-all to build world, however libc will be automatically downgraded to -fstack-protector because it breaks rtld otherwise. - This option is unavailable on ia64. Enable GCC stack protection (aka Propolice) for kernel: - It is opt-out for now so as to give it maximum testing. - Do not compile your kernel with -fstack-protector-all, it won't work. Submitted by: Jeremie Le Hen <jeremie@le-hen.org> 2007-05-22T10:40:58Z Ruslan Ermilov ru@FreeBSD.org 2007-05-22T10:40:58Z urn:sha1:0effeaaec347c4ed5967074bf1d69228e38c99e8 2007-05-19T04:25:59Z Alexander Kabaev kan@FreeBSD.org 2007-05-19T04:25:59Z urn:sha1:afb57df680a4b620d54eac30728eca95e51fc0e3 Also: Switch FreeBSD to use libgcc_s.so.1. Use dl_iterate_phdr to locate shared objects' exception frame info instead of depending on older register_frame_info machinery. This allows us to avoid depending on libgcc_s.so.1 in binaries that do not use exception handling directly. As an additional benefit it breaks circular libc <=> libgcc_s.so.1 dependency too. Build newly added libgomp.so.1 library, the runtime support bits for OpenMP. Build LGPLed libssp library. Our libc provides our own BSD-licensed SSP callbacks implementation, so this library is only built to benefit applications that have hadcoded knowledge of libssp.so and libssp_nonshared.a. When linked in from command line, these libraries override libc implementation.