# FORTIFY_SOURCE in FreeBSD



## kavitakr (Feb 11, 2020)

What is the current status of FORTIFY_SOURCE in FreeBSD?

We use BSD 11 in which I see
hardening-check /usr/bin/su
/usr/bin/su:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: unknown, no protectable libc functions used
Read-only relocations: no, not found!
Immediate binding: no, not found!

Is it recommended to enable by default?


----------



## mark_j (Feb 11, 2020)

Refer:


			SummerOfCode2015/FreeBSDLibcSecurityExtensions - FreeBSD Wiki


----------



## SirDice (Feb 11, 2020)

> The GSoC is over and we are satisfied with the results of the exercise. *The code is not being considered for the base system* for three reasons:
> 
> The code has issues that need more work.
> clang didn't really implement support for FORTIFY_SOURCE and the GCC model doesn't really work well with clang. Note that Google's Bionic libc has a new design that works with clang.
> FORTIFY_SOURCE can be largely replaced by combining other technologies like static checkers and sanitizers that don't add code to the C library. The "strong" stack protection and safe stack have also improved significantly making FORTIFY_SOURCE redundant.


----------



## Chaitra P B (May 31, 2022)

What is the current status of FORTIFY_SOURCE in FreeBSD 13, which has clang version 11.0.1?
is it recommended to use/enable by default ?

Thanks in advance !


----------



## Alain De Vos (May 31, 2022)

I compile everything with :

```
-D_FORTIFY_SOURCE=2 -D_GLIBCXX_ASSERTIONS -fstack-protector
```
Most things works fine...
You can randomly run into troubles like wayland, dlang, llvm.

It is recommended not to put additional flags in make.conf unless you know what you do.
There is also hardened-BSD if you think security is more important or open-BSD if you think security is very important.
I consider personally freebsd secure enough  [Compared to linux/windows]


----------

