On Wed, Nov 11, 2009 at 04:55:07PM +0000, Matthias Scheler wrote:
> I've just enabled Stack Smash Protection by default for NetBSD/amd64
> and NetBSD/i386 in current. As a result kernels and userland will be
> build with "-fstack-protector" and eventually also "-Wstack-protector".
> I've tested full release builds of both ports on a NetBSD/i386 machine
> which uses SSP userland and kernel.
>
> SSP will result in a slowdown of about 5%, please read this thread
> for more details:
>
> http://mail-index.netbsd.org/port-i386/2009/10/18/msg001465.html
>
> You can still build NetBSD/amd64 and NetBSD/i386 with SSP turned off
> by adding "USE_SSP=no" to "/etc/mk.conf" or by using the command line
> argument "-V USE_SSP=no" when invoking "build.sh".
I've improved the makefile settings in the meantime:
USE_SSP_DEFAULT=no Old behavior where "libc" and certain daemons
(e.g. "ypserv") get built with SSP, but the
rest of the source tree (including kernels)
get built without SSP.
USE_SSP=no Turn off SSP completely. This is however *not*
the previous behaviour
Kind regards
--
Matthias Scheler http://zhadum.org.uk/
Attachment:
pgpekyyYyjVwf.pgp
Description: PGP signature