From: "Chris Odell"
Reply-To: chris@redstarnetworks.net
Organization: Red Star Networks, INC
Date: Tue, 12 Aug 2003 11:26:36 -0700
Subject: RE: realpath(3) et al

I would do the same - For Hosting providers this is actually a benefit
for tax reasons - FreeBSD is a not for profit organization.

Chris Odell

-----Original Message-----
From: owner-freebsd-security@freebsd.org
[mailto:owner-freebsd-security@freebsd.org] On Behalf Of Devon H. O'Dell
Sent: Tuesday, August 12, 2003 5:00 AM
To: 'Jason Stone'; security@freebsd.org
Subject: RE: realpath(3) et al

In any case, IBM has a stack smashing protection patch for GCC 3.3 on
FreeBSD 4.8 available at
http://www.trl.ibm.com/projects/security/ssp/buildfreebsd.html (the
description page is at http://www.trl.ibm.com/projects/security/ssp/).
It currently works in the latest cvsupped source from 5.1 as well (I've
built and tested it).

Kind regards,

Devon H. O'Dell
Systems and Network Engineer
Simpli, Inc. Web Hosting
http://www.simpli.biz

> -----Original Message-----
> From: owner-freebsd-security@freebsd.org
> [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Jason Stone
> Sent: Tuesday, August 12, 2003 1:40 PM
> To: security@freebsd.org
> Subject: RE: realpath(3) et al
>
> > Protecting against stack smashing is quite important; I think many
> > hosting environments not using LISP or other
> > executable-stack-reliant packages would benefit from this. By
> > negating the ability to execute injected code through a buffer
> > overflow, security is highly increased.
>
> I think that this topic has come up before on the list - please check
> the archives before you get into it again.
>
> I think that the consensus has been something along the lines of, it
> would be nice, _but_:
>
> 1) It requires ugly tricks to implement on i386;
> 2) It does not canonically stop the exploitation of buffer overruns -
>    yes, it stops the current attacks, but the underlying problem that an
>    attacker can change the flow of program execution remains;
> 3) It would break a whole bunch of stuff.
>
>
>  -Jason
>
>  --------------------------------------------------------------------------
>  Freud himself was a bit of a cold fish, and one cannot avoid the suspicion
>  that he was insufficiently fondled when he was an infant.
>  -- Ashley Montagu
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe@freebsd.org"