Date: Tue, 12 Aug 2003 11:26:36 -0700
From: "Chris Odell" <chris@redstarnetworks.net>
To: <security@freebsd.org>
Subject: RE: realpath(3) et al
Message-ID: <001201c360ff$4458c0a0$0304a8c0@delllaptop>
In-Reply-To: <006601c360c9$3c9cfc40$9f8d2ed5@internal>

I would do the same - For Hosting providers this is actually a benefit
for tax reasons - FreeBSD is a not for profit organization.

Chris Odell

-----Original Message-----
From: owner-freebsd-security@freebsd.org
[mailto:owner-freebsd-security@freebsd.org] On Behalf Of Devon H. O'Dell
Sent: Tuesday, August 12, 2003 5:00 AM
To: 'Jason Stone'; security@freebsd.org
Subject: RE: realpath(3) et al

In any case, IBM has a stack smashing protection patch for GCC 3.3 on
FreeBSD 4.8 available at
http://www.trl.ibm.com/projects/security/ssp/buildfreebsd.html (the
description page is at http://www.trl.ibm.com/projects/security/ssp/).
It currently works in the latest cvsupped source from 5.1 as well (I've
built and tested it).

Kind regards,

Devon H. O'Dell
Systems and Network Engineer
Simpli, Inc. Web Hosting
http://www.simpli.biz

> -----Original Message-----
> From: owner-freebsd-security@freebsd.org
> [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Jason Stone
> Sent: Tuesday, August 12, 2003 1:40 PM
> To: security@freebsd.org
> Subject: RE: realpath(3) et al
>
> > Protecting against stack smashing is quite important; I think many
> > hosting environments not using LISP or other
> > executable-stack-reliant packages would benefit from this. By
> > negating the ability to execute injected code through a buffer
> > overflow, security is highly increased.
>
> I think that this topic has come up before on the list - please check
> the archives before you get into it again.
>
> I think that the consensus has been something along the lines of, it
> would be nice, _but_:
>
> 1) It requires ugly tricks to implement on i386;
> 2) It does not canonically stop the exploitation of buffer overruns -
>    yes, it stops the current attacks, but the underlying problem that an
>    attacker can change the flow of program execution remains;
> 3) It would break a whole bunch of stuff.
>
> -Jason
>
> --------------------------------------------------------------------------
> Freud himself was a bit of a cold fish, and one cannot avoid the suspicion
> that he was insufficiently fondled when he was an infant.
>     -- Ashley Montagu
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"