From: Robert Watson
To: Dag-Erling Smørgrav
Cc: Gunther Mayer, freebsd-security@freebsd.org
Date: Fri, 28 Dec 2007 00:44:34 +0000 (GMT)
Subject: Re: ProPolice/SSP in 7.0

On Thu, 27 Dec 2007, Dag-Erling Smørgrav wrote:

> Gunther Mayer writes:
>> I've known about ProPolice/SSP for a while now (from the Gentoo world) and
>> am aware that FreeBSD 7.0 doesn't yet support it though I know of Jeremy Le
>> Hen's patches (http://tataz.chchile.org/~tataz/FreeBSD/SSP/).
>
> Wrong. FreeBSD 7 has had SSP support since May; the patch you mention just
> turns it on by default. You can probably achieve the same effect by adding
> -fstack-protector to CFLAGS and COPTFLAGS in make.conf.

I'd very much like us to think about turning it on by default -- while stack
protection is necessarily imperfect, it is increasingly considered a standard
compiler feature to have enabled on operating systems. In fact, I know of
relatively few that don't enable it by default...

Robert N M Watson
Computer Laboratory
University of Cambridge