HBSD: Disable cfi-icall scheme for OpenSSH's ssh-sk-helper

The FIDO/U2F helper program for OpenSSH violates the cfi-icall CFI
scheme. Until I get more time to determine the cause, and a potential
fix, disable cfi-icall for the program.

Signed-off-by:	Shawn Webb <shawn.webb@hardenedbsd.org>
MFC-to:		13-STABLE
This commit is contained in:
Shawn Webb 2022-06-07 22:23:14 -04:00
parent 9e3df47102
commit dcd402abb9

View File

@ -11,6 +11,8 @@ LIBADD= ssh crypto z
LIBADD+= fido2 cbor
.endif
CFI_OVERRIDE= -fno-sanitize=cfi-icall
.include <bsd.prog.mk>
.PATH: ${SSHDIR}