libssp: don't compile with -fstack-protector*

This similarly matches what we do in libc; compiling libssp with
-fstack-protector* is actively harmful.  For instance, if the canary ctor
ends up with a stack protector then it will trivially trigger a false
positive as the canary's being initialized.

This was noted by the reporter as irc/ircd-hybrid started crashing at start
after our libssp was MFC'd to stable/11, as its build will explicitly link
in libssp. On FreeBSD, this isn't necessary as SSP bits are included in
libc, but it should absolutely not trigger runtime breakage -- it does mean
that the canary will get initialized twice, but as this is happening early
on in application startup it should just be redundant work.

Reported by:	Tod McQuillin <devin@sevenlayer.studio>
MFC after:	3 days
This commit is contained in:
Kyle Evans 2020-03-14 15:15:27 +00:00
parent 1b786d0191
commit 19fe57fdb4
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=358993

View File

@ -17,4 +17,8 @@ SRCS= stack_protector.c fortify_stubs.c
CFLAGS.fortify_stubs.c= -Wno-unused-parameter
# Stack protection on libssp symbols should be considered harmful, as we may
# be talking about, for example, the guard setup constructor.
SSP_CFLAGS:=
.include <bsd.lib.mk>