Those 3 features for ports go along with the corresponding features from
the basesystem (some only available in -current).

The options you can put into make.conf for the ports collections are:

WITH_FORTIFY=yes
This enables mitigations of common memory safety issues, such as buffer
overflows, by adding checks to functions like memcpy, strcpy, sprintf,
and others when the compiler can determine the size of the destination
buffer at compile time.

WITH_STACK_AUTOINIT=yes
This enables a compiler-specific option to automatically initialize
local (automatic) variables to prevent the use of uninitialized memory.

WITH_ZEROREGS=yes
Zero call-used registers at function return to increase program
security by either mitigating Return-Oriented Programming (ROP)
attacks or preventing information leakage through registers.
This depends upon support from the compiler for a given architecture.
This is disabled for Python ports; currently there are issues.

Approved by: portmgr (mat)
PR: 284270
24 lines
783 B
Makefile
# The STACK_AUTOINIT feature mimics the corresponding FreeBSD basesystem feature.
#
# This enables a compiler specific option to automatically initialize
# local (automatic) variables to prevent the use of uninitialized memory.
#
# Variables that can be used:
#
# WITH_STACK_AUTOINIT Enable for all ports.
# WITH_STACK_AUTOINIT_PORTS Enable for specified category/port-name
# STACK_AUTOINIT_TYPE Valid options: zero (default), pattern, unitialized
#
.if !defined(_STACK_AUTOINIT_MK_INCLUDED)
_STACK_AUTOINIT_MK_INCLUDED= yes
STACK_AUTOINIT_Include_MAINTAINER= netchild@FreeBSD.org
STACK_AUTOINIT_TYPE?= zero
. if !defined(STATIC_AUTOINIT_UNSAFE)
CFLAGS+= -ftrivial-auto-var-init=${STACK_AUTOINIT_TYPE}
CXXFLAGS+= -ftrivial-auto-var-init=${STACK_AUTOINIT_TYPE}
. endif
.endif
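Review bot: The opt-out guard `. if !defined(STATIC_AUTOINIT_UNSAFE)` uses a STATIC_ prefix while every other name in this file is STACK_AUTOINIT_*, and it is not listed under "Variables that can be used". If this is a typo for STACK_AUTOINIT_UNSAFE, a port that sets that name would still get `-ftrivial-auto-var-init` added to CFLAGS and CXXFLAGS; suggest renaming the guard and documenting it in the header comment. The header also spells the third STACK_AUTOINIT_TYPE value as `unitialized`, but the value is passed verbatim to `-ftrivial-auto-var-init=`, which expects `uninitialized`, so a user copying the documented spelling would hand the compiler an invalid value. Since STACK_AUTOINIT_TYPE is not validated before use, a check against the three documented values would turn such a mistake into a clear error instead of a compiler failure in every affected port.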