tech-pkg archive
Re: Improving security for pkgsrc
On Jul 18, 7:14pm, Pierre Pronchery wrote:
} On 07/18/15 18:56, Joerg Sonnenberger wrote:
} > On Sat, Jul 18, 2015 at 06:38:09PM +0200, Pierre Pronchery wrote:
} >> 1. Building with stack smashing protection: (SSP)
} >>
} >> +_GCC_CFLAGS+= -fstack-protector
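Review bot: on the `+_GCC_CFLAGS+=` line the flag is plain `-fstack-protector`, which GCC applies only to functions that call alloca or hold buffers of at least 8 bytes; if broader coverage is wanted, `-fstack-protector-strong` (GCC 4.9 and later) or `-fstack-protector-all` is the value to consider here. Only this one line is quoted, so it is also worth confirming that the assignment sits behind a user-settable knob, so a package that fails to build with it can opt out.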
} >>
} >> This one is already described in NetBSD's build process; for a minor
} >> performance penalty, the compiler will have a canary checked to be
} >> present unmodified on the stack, thereby helping with the mitigation
} >> of stack-based buffer overflows.
} >
} > It has been shown to be pretty weak in practice, so YMMV.
}
} Maybe, but meanwhile:
}
} 1997 First implementation for GCC
} 1998 First publication at USENIX
} 1998 By default in Immunix Linux
} 2001 IBM writes ProPolice
} 2003 Ready for GCC 3.x
} 2005 RedHat improves further for GCC 4.1
} 2005 MSVC has it by default
} 2006 Fedora Core 5 enables it by default
} 2006 Ubuntu 6.10 enables it by default
} 2009 FreeBSD enables it by default in the base system
} 2011 ArchLinux enables it by default in packages
} 2012 Google improves some more
} 2013 Fedora Core 20 strengthens the default
} 2014 ArchLinux strengthens the default
}
} ???? OpenBSD uses it
} ???? Hardened Gentoo also
} ???? DragonFlyBSD as well
}
} I know that it does not mean it is a silver bullet, but it seems to be
} more than mature, and a significant number of community- and
} enterprise-driven projects have embraced it. And then, most are using
} more aggressive versions even. Personally, I consider it
} state-of-the-art, and we should at least provide the option.
In the case of base:
-----
revision 1.138
date: 2006-11-09 09:06:54 -0800; author: christos; state: Exp; lines: +5 -1;
Add ssp glue.
-----
And, this is where it was enabled by default:
-----
revision 1.143
date: 2007-05-28 05:06:23 -0700; author: tls; state: Exp; lines: +15 -5;
Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry. RedHat has
evidently built all "core system packages" with this option for some time.
[snip]
-----
That is from src/share/mk/bsd.sys.mk. There is plenty of work done
later to beef it up, but that is the initial commit.
As for pkgsrc, stuff like this would need to be done on a
package by package basis, since I suspect that it would break some
packages.
}-- End of excerpt from Pierre Pronchery
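
What the USE_FORT commit message above calls checking argument sizes "where known at function entry", shown as an added example (not NetBSD's or libssp's code) using the GCC/Clang builtin `__builtin_object_size`, which FORTIFY_SOURCE-style headers rely on. `CHECKED_MEMCPY`, `copy_into_local` and `size_seen_through_pointer` are hypothetical names, and returning -1 instead of aborting the process is a simplification made here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample input, longer than the 16-byte destination below. */
static const char sample_input[64] =
    "constructed-sample-input-that-is-longer-than-sixteen-bytes";

/* Hypothetical macro (not libssp's): refuse the copy when n exceeds the
 * destination size the compiler can see at this call site.
 * __builtin_object_size() yields (size_t)-1 when the size is unknown,
 * in which case no check is possible and the copy goes ahead. */
#define CHECKED_MEMCPY(dst, src, n)                          \
    ((__builtin_object_size((dst), 0) != (size_t)-1 &&       \
      (n) > __builtin_object_size((dst), 0))                 \
         ? -1                                                \
         : (memcpy((dst), (src), (n)), 0))

/* Destination is a local array, so its size (16) is known here.
 * Returns 0 if the copy ran, -1 if it was refused, -2 on bad input. */
int copy_into_local(size_t n)
{
    char buf[16];

    if (n > sizeof sample_input)
        return -2;                 /* never read past the sample input */
    return CHECKED_MEMCPY(buf, sample_input, n);
}

/* Through a bare pointer parameter the object size is not visible,
 * which is why this kind of check only covers part of the call sites. */
__attribute__((noinline)) size_t size_seen_through_pointer(char *p)
{
    return __builtin_object_size(p, 0);
}

int main(void)
{
    char probe[4];

    printf("copy 8 bytes:  %d\n", copy_into_local(8));
    printf("copy 64 bytes: %d\n", copy_into_local(64));
    printf("size via pointer unknown: %d\n",
           size_seen_through_pointer(probe) == (size_t)-1);
    return 0;
}
```

The stack protector and this check are complementary: the canary detects a linear overwrite when the function returns, while the size check stops the oversized copy before it happens, but only at call sites where the compiler knows the destination size.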