From: Jeremie Le Hen
To: freebsd-arch@FreeBSD.org
Date: Fri, 18 Apr 2008 15:27:49 +0200
Subject: Integration of ProPolice in FreeBSD
Message-ID: <20080418132749.GB4840@obiwan.tataz.chchile.org>

Hi,

As you may already know I've integrated GCC's ProPolice into FreeBSD.
The build infrastructure overlord, namely ru@, (I'm quoting kan@) has
reviewed the patch and technically it is ready to hit the CVS tree.
A few things should be discussed beforehand though.

First, should we build world and/or kernel with SSP by default?  I've
scamped a trivial benchmark back in 2006: timing buildworld with and
without SSP.  You can find the result on my webpage:

http://tataz.chchile.org/~tataz/FreeSBD/SSP/#section1

Also, the original ProPolice author achieved a thorough performance
comparison with and without SSP, and the overhead is really small:

http://www.trl.ibm.com/projects/security/ssp/node5.html

I would like to reach a consensus on whether SSP should be opt-in or
opt-out on FreeBSD.

Another concern that Robert Watson showed back in 2006 [1] when I
brought forward my patch was the compatibility between pre-SSP and
post-SSP binaries/libraries.  I'll try to make it simple and short.
SSP requires two additional symbols that are kindly provided by libc.
Any binary or library compiled with SSP will require them.  As long as
your libc contains the symbols, you can smoothly run pre-SSP
applications with post-SSP libs as well as the other way around.

Also Kris explained [2] that once applied, it is painful to try to
revert the change (removing SSP symbols from libc).  This is true but
once the patch gets committed, it should hopefully never happen.

[1] http://lists.freebsd.org/pipermail/freebsd-security/2006-May/003751.html
[2] http://lists.freebsd.org/pipermail/freebsd-security/2006-May/003752.html

Thank you.
Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
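
Added example, not part of the original message or of the patch it describes: a hand-written C model of the check GCC's stack protector compiles into a function, showing why an SSP-built object needs two things from libc, a guard value and a failure handler (in GCC these are `__stack_chk_guard` and `__stack_chk_fail`; the message does not name them). The `demo_*` names, `struct frame` and the constant guard are assumptions for illustration; a real libc fills the guard with random bytes at start-up and its handler aborts the process.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for libc's guard word (constructed constant for this demo). */
static unsigned long demo_guard = 0x5ca1ab1eUL;
static int demo_fail_count;

/* Stand-in for libc's failure handler; counts instead of aborting. */
static void demo_chk_fail(void) { demo_fail_count++; }

/* Model frame: the canary sits between the locals and the return address. */
struct frame {
    char buf[16];
    unsigned long canary;
};

/* Returns 0 if the canary survived the copy, -1 if it was overwritten. */
int protected_copy(const void *src, size_t len)
{
    struct frame f;

    f.canary = demo_guard;          /* prologue: place guard after locals */
    if (len > sizeof f)             /* keep the demo inside the model frame */
        len = sizeof f;
    memcpy(&f, src, len);           /* modelled bug: no bound on f.buf */
    if (f.canary != demo_guard) {   /* epilogue: verify before returning */
        demo_chk_fail();
        return -1;
    }
    return 0;
}

/* Copy len bytes of 'A' (constructed input) into the model frame. */
int run_demo(size_t len)
{
    unsigned char src[sizeof(struct frame)];

    memset(src, 'A', sizeof src);
    return protected_copy(src, len);
}

int main(void)
{
    size_t lens[] = { 8, 16, 17, 24 };

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len=%zu -> %d\n", lens[i], run_demo(lens[i]));
    return 0;
}
```

Both references are emitted by the compiler into every protected function, which is why an SSP-built binary or library fails to link or load against a libc that lacks them.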