Date: Thu, 16 Nov 2000 10:38:36 -0600 (CST)
From: Mike Silbersack
To: Andreas Alderud
Cc: security@FreeBSD.ORG
Subject: Re: FYI: Propolice for gcc-2.95.2

On Thu, 16 Nov 2000, Andreas Alderud wrote:

> Kris Kennaway wrote:
> >Very cool..It would be useful to look at the feasibility of
> >integrating this into FreeBSD as an option.
>
> Probably a good idea for 4.x series, but hardly needed in 5.x since
> TrustedBSD gets integrated into it.
> Release Candidate 1 of 4.2 is already released, no hope of seeing it in the
> final 4.2 release, or?
>
> /Kind regards,
> David A. Alderud

MAC and stack-smashing protection are certainly not mutually exclusive. Even if the base system is configured with strong access barriers to compromised programs, there is still lesser mischief that can be performed.

Additionally, it's very likely that people will still install wu-ftpd, qpopper, imapd, etc. from ports. None of TrustedBSD's features will help when confronted with the default behavior of these programs. Stack protection, on the other hand, would have prevented a good amount of the past bugs in these programs, and will likely continue to be a good protection method.

Personally, I'd like to see _both_ options be used to their full potential.

Mike "Silby" Silbersack