ru 8735fdbd4c Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
  turned opt-in for stable branches depending on the consensus.  You
  can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
  It is harmless to steal the knob as SSP symbols have been provided
  by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
  (sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
  libc will be automatically downgraded to -fstack-protector because it
  breaks rtld otherwise.
- This option is unavailable on ia64.

Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.

Submitted by:	Jeremie Le Hen <jeremie@le-hen.org>
2008-06-25 21:33:28 +00:00

48 lines
1.2 KiB
Makefile

#
# $FreeBSD$
#
WITHOUT_SSP=
.include <bsd.own.mk>
# Certain library entries have hard-coded references to
# /bin, /sbin, etc, that require those entries to be
# recompiled for use in /rescue. This Makefile
# accomplishes that. Note that this is pure build hackery.
# This library should never be installed, and isn't even linked
# with in the normal way. (See ../rescue/Makefile for details.)
.PATH: ${.CURDIR}/../../lib/libc/gen \
${.CURDIR}/../../lib/libc/net \
${.CURDIR}/../../lib/libc/stdlib \
${.CURDIR}/../../lib/libutil
LIB= rescue
INTERNALLIB= # Don't install this library
SRCS= exec.c getusershell.c login_class.c popen.c rcmdsh.c \
sysctl.c system.c
CFLAGS+= -DRESCUE
# Flags copied from src/lib/libc and src/lib/libutil
# libc/db/Makefile.inc
CFLAGS+= -D__DBINTERFACE_PRIVATE
# libc/net/Makefile.inc & libutil/Makefile
.if ${MK_INET6_SUPPORT} != "no"
CFLAGS+= -DINET6
.endif
# libc/regex/Makefile.inc & libc/regex/grot/Makefile
CFLAGS+= -DPOSIX_MISTAKE
# libc/rpc/Makefile.inc
CFLAGS+= -DBROKEN_DES -DPORTMAP -DDES_BUILTIN
# libc/Makefile
.if ${MK_NIS} != "no"
CFLAGS+= -DYP
.endif
.if ${MK_HESIOD} != "no"
CFLAGS+= -DHESIOD
.endif
CFLAGS+= -I${.CURDIR}/../../lib/libc/include
.include <bsd.lib.mk>