Date: Thu, 27 Oct 2005 15:11:35 +0000 From: db <db@traceroute.dk> To: jimmy@inet-solutions.be, freebsd-security@freebsd.org Subject: Re: Non-executable stack Message-ID: <200510271511.36004.db@traceroute.dk> In-Reply-To: <1130394931.43607533be6d7@webmail.boxke.be> References: <200510270608.51571.db@traceroute.dk> <1130394931.43607533be6d7@webmail.boxke.be>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday 27 October 2005 06:35, you wrote: > I don't think it will ever be in FreeBSD, but I used ProPolice in the past: I really hope it will. AFAIK OpenBSD implemented this in late 2002 when 3.2 was released. I can see why FreeBSD doesn't want software protection of the stack on systems like ia32, but on ia64 we have hardware support, so why not be able to build a kernel with stack (and heap?) protection? > http://www.research.ibm.com/trl/projects/security/ssp/buildfreebsd.html > > The patch should be for 5.x in general, I don't use it anymore since some > ports will break, if you play with it you can disable it by default and > enable it explicit when you are willing to compile a binary with it. Ok thanks, but I was looking for a kernel level patch. Btw which ports will break? br db
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200510271511.36004.db>