diff options
Diffstat (limited to 'website/content/en/status/report-2025-04-2025-06/ports-security.adoc')
| -rw-r--r-- | website/content/en/status/report-2025-04-2025-06/ports-security.adoc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/website/content/en/status/report-2025-04-2025-06/ports-security.adoc b/website/content/en/status/report-2025-04-2025-06/ports-security.adoc index 8fb04f26d6..eba18d298d 100644 --- a/website/content/en/status/report-2025-04-2025-06/ports-security.adoc +++ b/website/content/en/status/report-2025-04-2025-06/ports-security.adoc @@ -11,12 +11,12 @@ As not all ports are compatible with them, this is not enabled by default. The 3 new features which can be enabled for the Ports Collection in [.filename]#make.conf# are: -- WITH_FORTIFY=yes:: +- WITH_FORTIFY=yes: This enables mitigations of common memory safety issues, such as buffer overflows, by adding checks to functions like memcpy, strcpy, sprintf, and others when the compiler can determine the size of the destination buffer at compile time. This requires support from the FreeBSD base system and may only be available in FreeBSD 15 onwards. -WITH_STACK_AUTOINIT=yes:: +- WITH_STACK_AUTOINIT=yes: This enables a compiler specific option to automatically initialize local (automatic) variables to prevent the use of uninitialized memory. -WITH_ZEROREGS=yes:: +- WITH_ZEROREGS=yes: Zero call-used registers at function return to increase program security by either mitigating Return-Oriented Programming (ROP) attacks or preventing information leakage through registers. This depends upon support from the compiler for a given architecture. This is disabled for python ports; currently there are issues. |