From: Robert Watson
Date: Fri, 26 May 2006 19:41:31 +0100 (BST)
To: Jeremie Le Hen
Cc: freebsd-security@FreeBSD.org, freebsd-current@FreeBSD.org
Subject: Re: Integrating ProPolice/SSP into FreeBSD

On Fri, 26 May 2006, Jeremie Le Hen wrote:

> First, sorry for cross-posting but I thought this patch might interest
> -CURRENT users as well as people concerned by security.
>
> I wrote a patch that integrates ProPolice/SSP into FreeBSD, one step further
> than it has been realized so far.

This looks very neat. Could you remind me what, if any, ABI issues might
exist? I'm familiar with the ideas behind ProPolice, but not the
implementation. Can I use SSP-compiled libraries with pre-SSP applications?
Can I use post-SSP applications with pre-SSP binaries?

At various points in the past, the issue of integrating stack protection
techniques into the gcc code has come up. Did this ever go anywhere? Even
Microsoft's compiler suite ships with statically compiled stack protection
these days. In the past we've avoided local compiler changes in order to make
it easier to track the vendor and avoid losing local compiler changes when
upgrading.

Robert N M Watson

>
> It is available here:
> http://tataz.chchile.org/~tataz/FreeBSD/SSP/
>
> Everything is explained on the web page, but I will repeat some
> information here. The patchset is split in two parts to ease the
> review of the patch. The -propolice patch is only the original
> ProPolice patch for GCC 3.4.4 applied on FreeBSD source tree. The
> -freebsd patch contains the glue I have written to make things neat.
>
> The patch exists for both CURRENT and RELENG_6. Both introduce a
> new make.conf(5) (and src.conf(5)) knob to enable stack protection
> on a per Makefile basis. It is of course possible to compile your
> world with it. Please refer to the web page for more information.
>
> The patch has been tested and works pretty well. My laptop and my
> workstation at work are compiled with SSP: world, kernel and ports,
> including X.org.
>
> I hope you will enjoy it.
> Regards,
> --
> Jeremie Le Hen
> < jeremie at le-hen dot org >< ttz at chchile dot org >