Message-Id: <200011162332.QAA69958@harmony.village.org>
To: Mike Silbersack
Subject: Re: FYI: Propolice for gcc-2.95.2
Cc: KOJIMA Hajime, security@FreeBSD.ORG
In-reply-to: Your message of "Wed, 15 Nov 2000 23:10:22 CST."
Date: Thu, 16 Nov 2000 16:32:48 -0700
From: Warner Losh

In message Mike Silbersack writes:
: One thing I'm unclear on is how propolice affects compatibility between
: modules. Can I use a libc compiled without propolice and an app compiled
: with it, or vice versa?

It would appear that is the case given that there's a command line option to turn it on and off on a per module basis.

Some of the protections look interesting, but some of them won't help too much. Every little bit helps.

I'd worry about putting this into the base system. First, I'd worry about the performance impact of all this extra code in the base system. Second, I'd worry about bitrot when we move to new versions of the source.

Warner