HEADS UP: _FORTIFY_SOURCE=2 is the default in 15-CURRENT
8 views
Skip to first unread message
Shawn Webb
May 16, 2024, 5:16:31 PMMay 16
to HardenedBSD Users
Hey all,
FreeBSD recently imported a port of NetBSD's _FORITY_SOURCE
implementation[1].
I've enabled it to be set to 2 by default on 15-CURRENT[2]. I've also
enabled it in ports[3].
If you experience issues, please let me know. There will likely be a
large number of ports to fix (and fixes are already coming in.)
[1]:
https://cgit.freebsd.org/src/commit/?id=be04fec42638f30f50b5b55fd8e3634c0fb89928
[2]:
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/927fd28755da27c5dd2b1b0d0396c93db585f933
[3]:
https://git.hardenedbsd.org/hardenedbsd/ports/-/commit/3d7dcd284ce3083103edd6b28b3d232abbfeaa63
For more information about _FORTIFY_SOURCE, please visit the following
links:
1.
https://developers.redhat.com/articles/2023/07/04/developers-guide-secure-coding-fortifysource#how_to_use_fortify_source
2.
https://www.gnu.org/software/libc/manual/html_node/Source-Fortification.html
3.
https://developers.redhat.com/blog/2020/02/11/toward-_fortify_source-parity-between-clang-and-gcc#first_glance
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
FreeBSD recently imported a port of NetBSD's _FORITY_SOURCE
implementation[1].
I've enabled it to be set to 2 by default on 15-CURRENT[2]. I've also
enabled it in ports[3].
If you experience issues, please let me know. There will likely be a
large number of ports to fix (and fixes are already coming in.)
[1]:
https://cgit.freebsd.org/src/commit/?id=be04fec42638f30f50b5b55fd8e3634c0fb89928
[2]:
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/927fd28755da27c5dd2b1b0d0396c93db585f933
[3]:
https://git.hardenedbsd.org/hardenedbsd/ports/-/commit/3d7dcd284ce3083103edd6b28b3d232abbfeaa63
For more information about _FORTIFY_SOURCE, please visit the following
links:
1.
https://developers.redhat.com/articles/2023/07/04/developers-guide-secure-coding-fortifysource#how_to_use_fortify_source
2.
https://www.gnu.org/software/libc/manual/html_node/Source-Fortification.html
3.
https://developers.redhat.com/blog/2020/02/11/toward-_fortify_source-parity-between-clang-and-gcc#first_glance
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
Reply all
Reply to author
Forward
0 new messages