19fe57fdb4
This similarly matches what we do in libc; compiling libssp with -fstack-protector* is actively harmful. For instance, if the canary ctor ends up with a stack protector then it will trivially trigger a false positive as the canary's being initialized. This was noted by the reporter as irc/ircd-hybrid started crashing at start after our libssp was MFC'd to stable/11, as its build will explicitly link in libssp. On FreeBSD, this isn't necessary as SSP bits are included in libc, but it should absolutely not trigger runtime breakage -- it does mean that the canary will get initialized twice, but as this is happening early on in application startup it should just be redundant work. Reported by: Tod McQuillin <devin@sevenlayer.studio> MFC after: 3 days
25 lines
621 B
Makefile
25 lines
621 B
Makefile
# $FreeBSD$
|
|
|
|
PACKAGE= clibs
|
|
SHLIBDIR?= /lib
|
|
SHLIB= ssp
|
|
SHLIB_MAJOR= 0
|
|
|
|
VERSION_DEF= ${.CURDIR}/Versions.def
|
|
SYMBOL_MAPS= ${.CURDIR}/Symbol.map
|
|
|
|
.PATH: ${SRCTOP}/lib/libc/secure
|
|
CFLAGS+= -I${SRCTOP}/lib/libc/include
|
|
# _elf_aux_info is exported from libc as elf_aux_info(3), so just that for the
|
|
# libssp build instead.
|
|
CFLAGS+= -D_elf_aux_info=elf_aux_info
|
|
SRCS= stack_protector.c fortify_stubs.c
|
|
|
|
CFLAGS.fortify_stubs.c= -Wno-unused-parameter
|
|
|
|
# Stack protection on libssp symbols should be considered harmful, as we may
|
|
# be talking about, for example, the guard setup constructor.
|
|
SSP_CFLAGS:=
|
|
|
|
.include <bsd.lib.mk>
|