Date: Fri, 25 Sep 2015 05:21:52 -0400
From: "Chad J. Milios" <milios@ccsys.com>
To: Pedro Giffuni <pfg@FreeBSD.org>
Cc: freeBSD-security@FreeBSD.org
Subject: Re: RFC Stack protector strong
Message-ID: <89B05640-7733-4FAA-8E2C-3209EC546837@ccsys.com>
In-Reply-To: <56043FEF.7040307@FreeBSD.org>
References: <56043FEF.7040307@FreeBSD.org>
> On Sep 24, 2015, at 2:24 PM, Pedro Giffuni <pfg@FreeBSD.org> wrote:
>
> (excuse me if you get this message repeated .. I hit the wrong list previously)
>
> Hello;
>
> Our current stack protection is very weak (about 1-2 % coverage).
> Google engineers have developed a new level of protection
> (about 20% coverage) that according to Google and Redhat has
> a negligible impact on performance.
>
> I have opened a code review with a simple update to the default
> setting for our stack protector:
>
> https://reviews.freebsd.org/D3463/
>
> Sadly I haven't received much feedback.
>
> I have no hurry to commit this but as stated in the review I think it
> is worthwhile. I don’t expect any issue, but it would be better to apply
> this change soonish rather than later so any collateral issues are
> detected and worked out with ample time before 11-Release.
>
> Any objection? If there is no feedback I will just play with other
> things.
>
> Pedro.

That URL did not work for me (404). I found what you are directing us toward instead at https://reviews.freebsd.org/D3463

I like what I'm reading so far, alas I am a nobody.

Could you clarify/elaborate what is meant when you say "coverage" and using these approximate percentages as a metric? Compare and contrast the safestack approach for us, if you would, as well. Please bear with me, I am a C novice and what I know about the magic of compilers could fit on a Post-it Note, the really small kind. While I acknowledge I have no place in this conversation, I think it would draw more people into the discussion if you'd be willing to educate us laypeople a little, as attempting to teach often exposes the overlooked gaps in one's own knowledge.

I understand the difference between a heap and a stack, the process model, the idea of a virtualized memory address space, kernel and user modes of execution, and that is about where my expertise ends. I have a vague understanding of how function calls happen, what a system call interface is, an ABI, an ISA, buffer overflows and such as concepts, but little experience with the mechanics of any of the aforementioned. I know that things like W^X and MMUs and some mythical "rings" exist to make our lives safer and more productive, but as for how they work or if we can trust them, I generally must defer to greater minds whom I then judge by superficial traits such as the size and messiness of their beards and the variety and age of their shirts, both t- and Hawaiian.

Without simply referring me to a full bookshelf of thousand-page books, is there a way people such as myself could become more helpful at assessing such a change? If I enable this on a couple of systems what sorts of breakage or impact should I be looking for?

This is an invitation for anyone to enlighten me, not only the original poster. I'm sure there are a hundred more lurkers afraid to ask.

Thank you for contributing.