From owner-freebsd-security@FreeBSD.ORG  Thu Oct 27 15:11:37 2005
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9FC7D16A41F
	for <freebsd-security@freebsd.org>;
	Thu, 27 Oct 2005 15:11:37 +0000 (GMT)
	(envelope-from db@traceroute.dk)
Received: from cicero0.cybercity.dk (cicero0.cybercity.dk [212.242.40.52])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3E8E143D48
	for <freebsd-security@freebsd.org>;
	Thu, 27 Oct 2005 15:11:37 +0000 (GMT)
	(envelope-from db@traceroute.dk)
Received: from user4.cybercity.dk (user4.cybercity.dk [212.242.41.50])
	by cicero0.cybercity.dk (Postfix) with ESMTP
	id C21EC2A886; Thu, 27 Oct 2005 17:11:34 +0200 (CEST)
Received: from trinita (port132.ds1-arsy.adsl.cybercity.dk [212.242.239.73])
	by user4.cybercity.dk (Postfix) with ESMTP
	id 7750550328; Thu, 27 Oct 2005 17:11:34 +0200 (CEST)
From: db <db@traceroute.dk>
To: jimmy@inet-solutions.be, freebsd-security@freebsd.org
Date: Thu, 27 Oct 2005 15:11:35 +0000
User-Agent: KMail/1.8.2
References: <200510270608.51571.db@traceroute.dk>
	<1130394931.43607533be6d7@webmail.boxke.be>
In-Reply-To: <1130394931.43607533be6d7@webmail.boxke.be>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200510271511.36004.db@traceroute.dk>
Cc: 
Subject: Re: Non-executable stack
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Oct 2005 15:11:37 -0000

On Thursday 27 October 2005 06:35, you wrote:
> I don't think it will ever be in FreeBSD, but I used ProPolice in the past:

I really hope it will. AFAIK OpenBSD implemented this in late 2002 when 3.2 
was released. I can see why FreeBSD doesn't want software protection of the 
stack on systems like ia32, but on ia64 we have hardware support, so why not 
be able to build a kernel with stack (and heap?) protection?

> http://www.research.ibm.com/trl/projects/security/ssp/buildfreebsd.html
>
> The patch should be for 5.x in general, I don't use it anymore since some
> ports will break, if you play with it you can disable it by default and
> enable it explicit when you are willing to compile a binary with it.

Ok thanks, but I was looking for a kernel level patch. Btw which ports will 
break?

br
db