From owner-freebsd-current@FreeBSD.ORG Fri May 26 22:35:50 2006 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 58B8516B415 for ; Fri, 26 May 2006 22:35:50 +0000 (UTC) (envelope-from kabaev@gmail.com) Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.228]) by mx1.FreeBSD.org (Postfix) with ESMTP id DC03A43D6A for ; Fri, 26 May 2006 22:35:48 +0000 (GMT) (envelope-from kabaev@gmail.com) Received: by wr-out-0506.google.com with SMTP id i24so160229wra for ; Fri, 26 May 2006 15:35:48 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:date:from:to:cc:subject:message-id:in-reply-to:references:x-mailer:mime-version:content-type; b=f5O36VtjC1z2+A3Z+giyMZhfq6rIFiiJih94u/EiqwBZggw2dZVcZP+eArelnZRzrGXqiB2K9SARTz35zMY+nyn26fYVIRW/2obo2aIEEUaDMqvTgdt5fRNHIrw1vbt1TKsrJR/gW1HNZ5nd00ff4guv9SbK95S3ODtu3eqQ5jc= Received: by 10.65.219.8 with SMTP id w8mr2075912qbq; Fri, 26 May 2006 15:35:48 -0700 (PDT) Received: from kan.dnsalias.net ( [24.63.93.195]) by mx.gmail.com with ESMTP id e19sm274369qbe.2006.05.26.15.35.47; Fri, 26 May 2006 15:35:47 -0700 (PDT) Date: Fri, 26 May 2006 18:35:54 -0400 From: Alexander Kabaev To: Jeremie Le Hen Message-ID: <20060526183554.25d5cc0d@kan.dnsalias.net> In-Reply-To: <20060526153422.GB25953@obiwan.tataz.chchile.org> References: <20060526153422.GB25953@obiwan.tataz.chchile.org> X-Mailer: Sylpheed-Claws 2.2.0 (GTK+ 2.8.17; i386-portbld-freebsd7.0) Mime-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_c/0KbfSaUeTfzD870VcpDvZ"; protocol="application/pgp-signature"; micalg=PGP-SHA1 X-Mailman-Approved-At: Fri, 26 May 2006 22:38:31 +0000 Cc: freebsd-security@FreeBSD.org, freebsd-current@FreeBSD.org Subject: Re: Integrating ProPolice/SSP into FreeBSD X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 May 2006 22:35:53 -0000 --Sig_c/0KbfSaUeTfzD870VcpDvZ Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Fri, 26 May 2006 17:34:22 +0200 Jeremie Le Hen wrote: > Hi, >=20 > first sorry for cross-posting but I thought this patch might interest > -CURRENT users as well as people concerned by security. >=20 > I wrote a patch that integrates ProPolice/SSP into FreeBSD, one step > further than it has been realized so far. >=20 > It is available here : > http://tataz.chchile.org/~tataz/FreeBSD/SSP/ >=20 > Everything is explained on the web page, but I will repeat some > informations here. The patchset is splitted in two parts to ease the > review of the patch. The -propolice patch is only the original > ProPolice patch for GCC 3.4.4 applied on FreeBSD source tree. The > -freebsd patch contains the glue I have written to make things neat. >=20 > The patch exists in both for CURRENT and RELENG_6. Both introduce a > new make.conf(5) (and src.conf(5)) knob to enable stack protection > on a per Makefile basis. It if of course possible to compile your > world with it. Please refer to the web page for more informations. > =20 > The patch has been tested and works pretty well. My laptop and my > workstation at work are compiled with SSP : world, kernel and ports, > including X.org. >=20 > I hope you will enjoy it. > Regards, > --=20 > Jeremie Le Hen > < jeremie at le-hen dot org >< ttz at chchile dot org > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to > "freebsd-security-unsubscribe@freebsd.org" How does this compare to GCC 4.x mudflap feature? I do not plan to include Propolice patch into base system any time soon and will object anyone trying to do so due to future maintenance headaches this will inevitably create. GCC 4.1.1 import is in the works though and should be available shortly. --=20 Alexander Kabaev --Sig_c/0KbfSaUeTfzD870VcpDvZ Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEd4LQQ6z1jMm+XZYRAjHnAKDOWtvyQ+zrn6Zvnh+EKskJpp2oKwCdHMYg 4AyTmQUN25bjEgP2qQ78FtU= =yfuW -----END PGP SIGNATURE----- --Sig_c/0KbfSaUeTfzD870VcpDvZ--