Date: Tue, 12 Aug 2003 13:21:11 +0200 From: "Devon H. O'Dell" <dodell@sitetronics.com> To: "'Peter Jeremy'" <PeterJeremy@optushome.com.au> Cc: security@freebsd.org Subject: RE: realpath(3) et al Message-ID: <004001c360c3$da6cf9d0$9f8d2ed5@internal> In-Reply-To: <20030812111522.GA66788@cirb503493.alcatel.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
It, would though, be trivial to implement this with a #define based upon = the kernel configuration, would it not? Protecting against stack smashing is quite important; I think many hosting environments not using LISP or = other executable-stack-reliant packages would benefit from this. By negating = the ability to execute injected code through a buffer overflow, security is highly increased. By implementing it as a kernel configuration option, I don't think we would lose out at all. Kind regards, Devon H. O'Dell Systems and Network Engineer Simpli, Inc. Web Hosting http://www.simpli.biz > -----Oorspronkelijk bericht----- > Van: owner-freebsd-security@freebsd.org [mailto:owner-freebsd- > security@freebsd.org] Namens Peter Jeremy > Verzonden: Tuesday, August 12, 2003 1:15 PM > Aan: Devon H. O'Dell > CC: security@freebsd.org > Onderwerp: Re: realpath(3) et al >=20 > On Tue, Aug 12, 2003 at 11:02:16AM +0200, Devon H. O'Dell wrote: > >Features such as a protected stack should, IMO, be implemented as = soon as > >possible to keep FreeBSD heads-afloat right now in the security = sense.... > >OpenBSD has implemented this already and there are many patches for = Linux > to > >do the same... why don't we go ahead and shove some of this code into CVS? >=20 > By "protected" I presume you mean "non-executable". Whilst making the > stack non-executable is trivial, making the system still work isn't. > I believe the FreeBSD signal handling still relies on a signal > trampoline on the stack. Some ports also expect an executable stack > (most commonly lisp implementations). >=20 > Some years ago, I tried implementing a non-executable stack on a > Solaris box. Interleaf promptly stopped working so I had to undo the > change. >=20 > Peter > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security- > unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?004001c360c3$da6cf9d0$9f8d2ed5>