From owner-freebsd-security@FreeBSD.ORG Thu Oct 27 06:31:34 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6FF0816A41F for ; Thu, 27 Oct 2005 06:31:34 +0000 (GMT) (envelope-from jimmy@inet-solutions.be) Received: from mail.ihosting.be (vero.ihosting.be [83.217.81.43]) by mx1.FreeBSD.org (Postfix) with SMTP id 9F6D043D48 for ; Thu, 27 Oct 2005 06:31:32 +0000 (GMT) (envelope-from jimmy@inet-solutions.be) Received: (qmail 98884 invoked by uid 1033); 27 Oct 2005 06:35:31 -0000 Received: from jimmy@inet-solutions.be by excalibur.hyprotech.be by uid 1016 with qmail-scanner-1.20st (clamscan: 0.75. spamassassin: 2.63. Clear:RC:1(127.0.0.1):. Processed in 0.009979 secs); 27 Oct 2005 06:35:31 -0000 Received: from localhost (HELO vero.ihosting.be) (127.0.0.1) by mail.ihosting.be with SMTP; 27 Oct 2005 06:35:31 -0000 Received: (from jimmy@inet-solutions.be) by vero.ihosting.be (mini_sendmail/1.3.5 16nov2003); Thu, 27 Oct 2005 08:35:31 CEST (sender jimmy@inet-solutions.be by using webserver vero.ihosting.be path /www/ihosting/horde.ihosting.be/imp - report abuse to abuse@boxke.be) Received: from 194.78.143.3 ([194.78.143.3]) by webmail.boxke.be (IMP) with HTTP for ; Thu, 27 Oct 2005 08:35:31 +0200 Message-ID: <1130394931.43607533be6d7@webmail.boxke.be> Date: Thu, 27 Oct 2005 08:35:31 +0200 From: jimmy@inet-solutions.be To: db References: <200510270608.51571.db@traceroute.dk> In-Reply-To: <200510270608.51571.db@traceroute.dk> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 3.2.3 X-Originating-IP: 194.78.143.3 Cc: freebsd-security@freebsd.org Subject: Re: Non-executable stack X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Oct 2005 06:31:34 -0000 Quoting db : > Hi all > > Does FreeBSD support a non-executable stack on any of the tier 1 and 2 > platforms that has this feature? > If not, are there any plans of implementing this and is there a patch I can > use for 6.0 (when it is released)? > > Best regards > db Hi, I don't think it will ever be in FreeBSD, but I used ProPolice in the past: http://www.research.ibm.com/trl/projects/security/ssp/buildfreebsd.html The patch should be for 5.x in general, I don't use it anymore since some ports will break, if you play with it you can disable it by default and enable it explicit when you are willing to compile a binary with it. Once applied and compiled the whole base with it enabled, you cannot just turn back! Kind regards, Jimmy Scott ---------------------------------------------------------------- This message has been sent through ihosting.be To report spamming or other unaccepted behavior by a iHosting customer, please send a message to abuse@ihosting.be ----------------------------------------------------------------