How to build FreeBSD with stack protection

How to build FreeBSD with stack protection


Preparations

1. Get FreeBSD Stable 5.1 (4.8)
2. apply the protector patch for FreeBSD 5.1. (MD5). (for 4.8 user: patch. MD5)
cd /usr/src
patch -p0 < protector-fbsd-5.1-2.patch
3. build and install gcc which has the stack protection capability as default
1. build and install libc
cd /usr/src/lib/libc
make obj && make depend && make all install
2. build and install gcc
cd /usr/src/gnu/usr.bin/cc
make obj && make depend && make all install
4. follow build steps.

Build Steps

1. rebuild and install everything
cd /usr/src
mergemaster -p
make buildworld
make buildkernel
make installkernel
shutdown -r now, bring the system back up in single-user mode
make installworld
mergemaster
reboot

Upgrade Steps from protected freeBSD system

When you use cvsup for upgrading its sources, you should remove /usr/src/contrib/gcc/{protector.h,protector.c} and then re-apply the patch and follow the installation instructions.

In order to upgrade as the following steps, you will have to use cvs instead of cvsup to avoid clobbering the patch.

1. cvs update -r RELENG_5 -d -P on the /usr/src directory
2. make buildworld
3. make installworld

Change Log

* update the patch for FreeBSD 5.1 (22, December, 2003)
* FreeBSD 5.1 (25, November, 2003)
* fix several instructions on FreeBSD 4.8 (11, Apr, 2003, thanks to Dag-Erling Smorgrav)
* FreeBSD 4.8 (7, Apr, 2003)
* FreeBSD 4.4 (7, Jan, 2002)