From: Mike Silbersack
To: Gunther Mayer
Cc: freebsd-security@freebsd.org
Date: Fri, 28 Dec 2007 20:20:20 -0600 (CST)
Subject: Re: ProPolice/SSP in 7.0
Message-ID: <20071228200428.J6052@odysseus.silby.com>
In-Reply-To: <4774EB0F.90103@googlemail.com>

On Fri, 28 Dec 2007, Gunther Mayer wrote:

> Btw, I second the motion of having SSP enabled by default in FreeBSD, other
> OS's have been doing this for years at a negligible performance overhead.
>
> Gunther

It's too late to make that sort of change for FreeBSD 7.0, but I think that's a good goal for FreeBSD 8.0. Here's what I think you could do:

1. Verify that enabling SSP works properly.
2. Convince Kris Kennaway to run his mysql benchmarks on a FreeBSD 8 system both with and without SSP to verify that there is no significant slowdown.
3. Get it enabled on FreeBSD 8 by default.
4. Request that the change be made to FreeBSD 7.1 or 7.2 after it has proven to not cause problems on FreeBSD 8.

Since the subject came up, I just tried using it, and it's not giving me the results I expected. Take the following program:

#include <stdio.h>
#include <string.h>

void overrun(void);

int main(void)
{
    overrun();
}

void overrun(void)
{
    int x;
    char a[4];
    int y;

    strcpy(a, "ABCDE");
    printf("hi");
}

If I compile it like so:

> cc -g -fstack-protector-all overrun.c

The overrun is detected and the program is aborted.

> ./a.out
Abort (core dumped)

But if I compile it like so:

> cc -g -fstack-protector overrun.c

The overrun is not caught.

> ./a.out
hi>

Either I'm doing something wrong, or we have gcc misconfigured and it's not detecting that strcpy is a function which needs to be watched closely.

Mike "Silby" Silbersack
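
Added example, not part of Mike Silbersack's message: GCC documents -fstack-protector as instrumenting only functions that call alloca or have buffers of at least 8 bytes (tunable with --param ssp-buffer-size), while -fstack-protector-all instruments every function. This script builds the message's test program to assembly under each setting and reports whether a __stack_chk_fail reference is present. The temporary paths, the has_canary and report helpers, and the reconstructed #include lines are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original message): check which builds of the
# message's test program actually contain a stack-canary check, by looking
# for a reference to __stack_chk_fail in the generated assembly.

CC=${CC:-cc}                      # assumption: a GCC-compatible compiler
WORK=$(mktemp -d) || exit 1
trap 'rm -rf "$WORK"' EXIT

# Constructed copy of the test program from the message.
cat > "$WORK/overrun.c" <<'EOF'
#include <stdio.h>
#include <string.h>
void overrun(void);
int main(void) { overrun(); }
void overrun(void)
{
    int x;
    char a[4];
    int y;
    strcpy(a, "ABCDE");
    printf("hi");
}
EOF

# has_canary FLAGS...  -> prints yes, no, or error (compile failed)
has_canary() {
    "$CC" -O0 -w -S -o "$WORK/out.s" "$@" "$WORK/overrun.c" 2>/dev/null ||
        { echo error; return 1; }
    if grep -q '__stack_chk_fail' "$WORK/out.s"; then echo yes; else echo no; fi
}

report() {
    printf '%-52s canary: %s\n' "$*" "$(has_canary "$@")"
}

report -fstack-protector --param ssp-buffer-size=8   # 8 is GCC's documented default
report -fstack-protector --param ssp-buffer-size=4   # threshold lowered to cover a[4]
report -fstack-protector-all                         # every function instrumented
```

Checking the assembly for the canary call confirms per-build coverage without depending on whether a particular overflow happens to crash the program.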