From: Mike Silbersack
To: db
Cc: freebsd-security@freebsd.org, jimmy@inet-solutions.be
Date: Sat, 29 Oct 2005 07:36:55 -0500 (CDT)
Subject: Re: Non-executable stack
Message-ID: <20051029073411.F11965@odysseus.silby.com>
In-Reply-To: <200510271511.36004.db@traceroute.dk>
References: <200510270608.51571.db@traceroute.dk> <1130394931.43607533be6d7@webmail.boxke.be> <200510271511.36004.db@traceroute.dk>

On Thu, 27 Oct 2005, db wrote:

> On Thursday 27 October 2005 06:35, you wrote:
>> I don't think it will ever be in FreeBSD, but I used ProPolice in the past:
>
> I really hope it will. AFAIK OpenBSD implemented this in late 2002 when 3.2
> was released. I can see why FreeBSD doesn't want software protection of the
> stack on systems like ia32, but on ia64 we have hardware support, so why not
> be able to build a kernel with stack (and heap?) protection?

The issue is not one of want, but one of practicality. FreeBSD updates to new versions of gcc relatively frequently, and having to update the propolice patch with each update (or waiting for an update) would be additional work.

It appears that propolice has finally made its way into gcc 4.1, so hopefully that will be ready for FreeBSD 7.

Mike "Silby" Silbersack