From: "Devon H. O'Dell"
To: 'Jason Stone'
Date: Tue, 12 Aug 2003 13:59:51 +0200
Organization: SiteTronics
Subject: RE: realpath(3) et al

In any case, IBM has a stack smashing protection patch for GCC 3.3 on
FreeBSD 4.8 available at
http://www.trl.ibm.com/projects/security/ssp/buildfreebsd.html (the
description page is at http://www.trl.ibm.com/projects/security/ssp/).
It currently works in the latest cvsupped source from 5.1 as well (I've
built and tested it).

Kind regards,

Devon H. O'Dell
Systems and Network Engineer
Simpli, Inc. Web Hosting
http://www.simpli.biz

> -----Original message-----
> From: owner-freebsd-security@freebsd.org
> [mailto:owner-freebsd-security@freebsd.org] On behalf of Jason Stone
> Sent: Tuesday, August 12, 2003 1:40 PM
> To: security@freebsd.org
> Subject: RE: realpath(3) et al
>
> > Protecting against stack smashing is quite important; I think many
> > hosting environments not using LISP or other executable-stack-reliant
> > packages would benefit from this. By negating the ability to execute
> > injected code through a buffer overflow, security is highly increased.
>
> I think that this topic has come up before on the list - please check the
> archives before you get into it again.
>
> I think that the consensus has been something along the lines of, it would
> be nice, _but_:
>
> 1) It requires ugly tricks to implement on i386;
> 2) It does not canonically stop the exploitation of buffer overruns -
>    yes, it stops the current attacks, but the underlying problem that an
>    attacker can change the flow of program execution remains;
> 3) It would break a whole bunch of stuff.
>
> -Jason