Import propolice (http://www.trl.ibm.com/projects/security/ssp), a stack

attack protection scheme, into gcc.

This protection is enabled by default. It can be turned off by using the
-fno-stack-protector flag.

Code by Hiroaki Etoh (etoh at jp dot ibm dot com); work on openbsd-specific
integration by fgsch@, deraadt@ and myself; tests by fgsch@, naddy@ and
myself; beer drinking by myself.

Please note that system upgrades with this new code will require a new
libc and ld.so to be build and installed before the propolice-enabled
compiler can be installed.

2 files changed, 4 insertions, 2 deletions

diff --git a/sys/arch/i386/conf/Makefile.i386 b/sys/arch/i386/conf/Makefile.i386
index 23f19662ce8..f1791a9e38d 100644
--- a/sys/arch/i386/conf/Makefile.i386
+++ b/sys/arch/i386/conf/Makefile.i386
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile.i386,v 1.31 2002/08/09 20:24:43 miod Exp $
+#	$OpenBSD: Makefile.i386,v 1.32 2002/12/02 09:00:23 miod Exp $
 #	$NetBSD: Makefile.i386,v 1.67 1996/05/11 16:12:11 mycroft Exp $
 
 # Makefile for OpenBSD
@@ -48,6 +48,7 @@ CMACHFLAGS=	-march=i486
 .else
 CMACHFLAGS=
 .endif
+CMACHFLAGS+=	-fno-stack-protector
 
 COPTS?=	-O2
 CFLAGS=		${DEBUG} ${CDIAGFLAGS} ${CMACHFLAGS} ${COPTS} ${PIPE}
diff --git a/sys/arch/i386/stand/Makefile.inc b/sys/arch/i386/stand/Makefile.inc
index adebaa94ec6..7b6147b3e42 100644
--- a/sys/arch/i386/stand/Makefile.inc
+++ b/sys/arch/i386/stand/Makefile.inc
@@ -1,6 +1,7 @@
-#	$OpenBSD: Makefile.inc,v 1.29 2000/10/09 20:25:10 mickey Exp $
+#	$OpenBSD: Makefile.inc,v 1.30 2002/12/02 09:00:23 miod Exp $
 
 CFLAGS=${DEBUG} -Os -Wall -Werror
+CFLAGS+=	-fno-stack-protector
 CPPFLAGS+=-I${S} -I${SADIR}/libsa -I. -I${.CURDIR}
 SACFLAGS=-D_STANDALONE
 DEBUGLIBS=no