Date: Sat, 29 Oct 2005 07:36:55 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: db <db@traceroute.dk> Cc: freebsd-security@freebsd.org, jimmy@inet-solutions.be Subject: Re: Non-executable stack Message-ID: <20051029073411.F11965@odysseus.silby.com> In-Reply-To: <200510271511.36004.db@traceroute.dk> References: <200510270608.51571.db@traceroute.dk> <1130394931.43607533be6d7@webmail.boxke.be> <200510271511.36004.db@traceroute.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 27 Oct 2005, db wrote: > On Thursday 27 October 2005 06:35, you wrote: >> I don't think it will ever be in FreeBSD, but I used ProPolice in the past: > > I really hope it will. AFAIK OpenBSD implemented this in late 2002 when 3.2 > was released. I can see why FreeBSD doesn't want software protection of the > stack on systems like ia32, but on ia64 we have hardware support, so why not > be able to build a kernel with stack (and heap?) protection? The issue is not one of want, but one of practicality. FreeBSD updates to new versions of gcc relatively frequently, and having to update the propolice patch with each update (or waiting for an update) would be additional work. It appears that propolice has finally made its way into gcc 4.1, so hopefully that will be ready for FreeBSD 7. Mike "Silby" Silbersack
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051029073411.F11965>