diff options
| author | deraadt <> | 2017-05-29 09:44:01 +0000 |
|---|---|---|
| committer | deraadt <> | 2017-05-29 09:44:01 +0000 |
| commit | 5d6e7d3a6ae121b3beb65f8adb80e5716ad60b15 (patch) | |
| tree | 17943fc536207ee282d5e6978d633d32ea72ffc6 /src | |
| parent | a4ee667a554f6ddf58a7c84a8ca27d04bd88872e (diff) | |
| download | openbsd-5d6e7d3a6ae121b3beb65f8adb80e5716ad60b15.tar.gz openbsd-5d6e7d3a6ae121b3beb65f8adb80e5716ad60b15.tar.bz2 openbsd-5d6e7d3a6ae121b3beb65f8adb80e5716ad60b15.zip | |
Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing
The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/Makefile | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile index 6454d6b109..4e9528a5d9 100644 --- a/src/lib/libcrypto/Makefile +++ b/src/lib/libcrypto/Makefile | |||
| @@ -1,6 +1,7 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.17 2017/05/06 20:42:57 beck Exp $ | 1 | # $OpenBSD: Makefile,v 1.18 2017/05/29 09:44:01 deraadt Exp $ |
| 2 | 2 | ||
| 3 | LIB= crypto | 3 | LIB= crypto |
| 4 | LIBREBUILD=y | ||
| 4 | 5 | ||
| 5 | .include <bsd.own.mk> | 6 | .include <bsd.own.mk> |
| 6 | .ifndef NOMAN | 7 | .ifndef NOMAN |