Date: Thu, 16 Nov 2000 10:38:36 -0600 (CST) From: Mike Silbersack <silby@silby.com> To: Andreas Alderud <aaldv97@student.vxu.se> Cc: security@FreeBSD.ORG Subject: Re: FYI: Propolice for gcc-2.95.2 Message-ID: <Pine.BSF.4.21.0011161032310.62772-100000@achilles.silby.com> In-Reply-To: <002501c04fd9$cc305130$8e00a8c0@XGod>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 16 Nov 2000, Andreas Alderud wrote: > Kris Kennaway <kris@FreeBSD.ORG> wrote: > >Very cool..It would be useful to look at the feasibility of > >integrating this into FreeBSD as an option. >=20 > Probably a good id=E9a for 4.x series, but hardly needed in 5.x since > TrusedBSD gets integrated into it. > Release Candidate 1 of 4.2 is already released, no hope of seeing it in t= he > final 4.2 release, or? >=20 > /Kind regards, > David A. Alderud MAC and stack-smashing protection are certainly not mutally exclusive. Even if the base system is configured with strong access barriers to compromised programs, there is still lesser mischief that can be performed. Additionally, it's very likely that people will still installed wu-ftpd, qpopper, imapd, etc from ports. None of trustedbsd's features will help when confronted with the default behavior of these programs. Stack protection, on the other hand, would have prevented a good amount of the past bugs in these programs, and will likely continue to be a good protection method. Personally, I'd like to see _both_ options be used to their full potential. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0011161032310.62772-100000>