include: ssp: ignore fortify for purecap #2260
Conversation
lib/libc/secure and hence *_chk() libc function variants for SSP are not built when the world is compiled for the pure-capability ABI. In such a case, don't define __SSP_FORTIFY_LEVEL, based on _FORTIFY_SOURCE, that is used to redefine libc functions to their *_chk() variants. This check matches the check in lib/libc/Makefile to exclude lib/libc/secure.
|
I guess the question is if we think that purecap fully supplants the checks for fortify source, or if it only supplants some of them. If only some of them we should instead perhaps build the various *_chk routines but #ifdef out the checks that purecap already handles? |
|
I think that longer term we should implement _FORTIFY_SOURCE eliding checks we're confident purecap provides and keeping ones it doesn't (e.g., checking for overlapping memcpy arguments). Thinking aloud, there might be some cases were purecap provides a different, but mostly sufficient check due to representability. We might want an option to keep strict check or elide them. |
|
I'm fine with merging this change for now, but we should open an issue to do what @brooksdavis described. |
lib/libc/secure and hence *_chk() libc function variants for SSP are not built when the world is compiled for the pure-capability ABI.
In such a case, don't define __SSP_FORTIFY_LEVEL, based on _FORTIFY_SOURCE, that is used to redefine libc functions to their *_chk() variants. This check matches the check in lib/libc/Makefile to exclude lib/libc/secure.
With this change, devel/m4 that uses _FORTIFY_SOURCE builds correctly.