FORTIFY_SOURCE in FreeBSD

kavitakr


What is the current status of FORTIFY_SOURCE in FreeBSD?

We use BSD 11 in which I see
hardening-check /usr/bin/su
/usr/bin/su:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: unknown, no protectable libc functions used
Read-only relocations: no, not found!
Immediate binding: no, not found!

Is it recommended to enable by default?
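
One way a checker can arrive at the "Fortify Source functions: unknown" line in the output above, shown as an added example that is not part of the original post and not hardening-check's own code: it compares a binary's imported symbol names against the __*_chk wrappers of the GCC-style model. The FORTIFIABLE list, the status strings other than the "unknown" one, and the sample symbol lists are assumptions constructed for illustration.

```python
# Added example: classify fortify / stack-protector status from symbol names.
# Assumption: a short subset of libc functions that have __*_chk variants in
# the GCC/glibc _FORTIFY_SOURCE model; real checkers carry a longer list.
FORTIFIABLE = {
    "memcpy", "memmove", "memset", "strcpy", "strncpy", "strcat", "strncat",
    "sprintf", "snprintf", "vsprintf", "vsnprintf", "gets", "fgets", "read",
}


def base_name(symbol):
    """Drop an ELF symbol-version suffix such as '@GLIBC_2.2.5'."""
    return symbol.split("@", 1)[0]


def classify(symbols):
    """Return stack-protector and fortify status for a set of imported symbols."""
    names = {base_name(s) for s in symbols}
    # __memcpy_chk -> memcpy: the checked wrapper the compiler substitutes.
    protected = sorted(
        n[2:-4] for n in names
        if n.startswith("__") and n.endswith("_chk") and n[2:-4] in FORTIFIABLE
    )
    unprotected = sorted(n for n in names if n in FORTIFIABLE)
    if protected:
        # Plain calls can remain where the destination size is not known.
        fortify = "yes" if not unprotected else "partial"
    elif unprotected:
        fortify = "no, only unprotected functions found"
    else:
        # Nothing to judge by: the case reported for /usr/bin/su above.
        fortify = "unknown, no protectable libc functions used"
    return {
        "stack_protected": "__stack_chk_fail" in names,
        "fortify": fortify,
        "protected": protected,
        "unprotected": unprotected,
    }


# Constructed symbol lists (not taken from any real binary).
SAMPLES = {
    "fortified": ["__memcpy_chk@GLIBC_2.3.4", "__stack_chk_fail@GLIBC_2.4", "puts"],
    "mixed": ["__sprintf_chk", "strcpy", "__stack_chk_fail"],
    "plain": ["strcpy@GLIBC_2.2.5", "printf"],
    "no_candidates": ["getpwnam", "setuid", "execv"],
}

if __name__ == "__main__":
    for label, syms in SAMPLES.items():
        print(label, classify(syms))
```

An "unknown" result says only that the symbol list gives the checker nothing to judge by; it is not evidence either way about how the binary was built.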
 

SirDice


The GSoC is over and we are satisfied with the results of the exercise. The code is not being considered for the base system for three reasons:
  • The code has issues that need more work.
  • clang didn't really implement support for FORTIFY_SOURCE and the GCC model doesn't really work well with clang. Note that Google's Bionic libc has a new design that works with clang.
  • FORTIFY_SOURCE can be largely replaced by combining other technologies like static checkers and sanitizers that don't add code to the C library. The "strong" stack protection and safe stack have also improved significantly, making FORTIFY_SOURCE redundant.
 