Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 1 Dec 2006 20:17:45 -0600 (CST)
From:      Mike Silbersack <silby@silby.com>
To:        Joerg Sonnenberger <joerg@britannica.bec.de>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Hardening FreeBSD, does anyone have any documentation that may help?
Message-ID:  <20061201200031.C28845@odysseus.silby.com>
In-Reply-To: <20061121141958.GB721@britannica.bec.de>
References:  <455324F2.9090603@fugspbr.org> <20061120223407.GF20405@obiwan.tataz.chchile.org> <20061121115555.Y50450@fledge.watson.org> <20061121141958.GB721@britannica.bec.de>

next in thread | previous in thread | raw e-mail | index | archive | help


On Tue, 21 Nov 2006, Joerg Sonnenberger wrote:

> The code is integrated in GCC 4.1, patching if needed at all is quite
> contained.

But we're still running gcc 3.4.6, and won't be moving to gcc 4.1 on 6.x. 
The gcc 3.4.6 patch is the one we're reluctant to have to support.

> The ABI impact is limited to the stack guard cookie, the initialisation
> function and the failure handler. Three different solutions can be used:
> (1) The code can be part of a separate library (libssp).
> (2) The code can be part of libc (DragonFly, OpenBSD and glibc do this).
> (3) Like (2), but the cookie is part of the Thread Control Block, e.g.
> accessible via %gs. This is done on newer glibc systems and has the
> advantage of avoiding PIC references.

Can you point me to more information on which systems implement #3?

> The original benchmarks done with Propolice by IBM suggest typical
> degrations in the area of 2%-5%, depending on how many functions are
> called and not inlined and how many of them need to get the protection.
> The site of Etoh has more details.

One specific question about performance that came up was how much 
compiling libc with SSP enabled would impact the performance of 
applications.

I also brought up the topic of whether we might consider using the flag to 
enable SSP for all functions, rather than just the ones which use strings. 
We need to gather more empirical data on how many recent buffer overflows 
have been on non-string arrays.

Or is the default SSP option to protect all functions using arrays of any 
type rather than just arrays of strings?

Mike "Silby" Silbersack



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061201200031.C28845>