Date: Fri, 18 Apr 2008 18:58:59 +0200
From: Jeremie Le Hen
To: Marcel Moolenaar
Cc: freebsd-arch@FreeBSD.org
Subject: Re: Integration of ProPolice in FreeBSD
Message-ID: <20080418165859.GD4840@obiwan.tataz.chchile.org>

Hi Marcel,

On Fri, Apr 18, 2008 at 08:52:42AM -0700, Marcel Moolenaar wrote:
> > The build infrastructure overlord, namely ru@, (I'm quoting kan@) has
> > reviewed the patch and technically it is ready to hit the CVS tree.
> >
> > A few things should be discussed beforehand though.
> >
> > First, should we build world and/or kernel with SSP by default?
>
> Really, first is: what platforms does this apply to and/or have
> you tested this on?

The patch enables SSP for all archs. Unfortunately I've not been able to test it myself on any arch other than i386, but two years ago I got successful feedback from Pascal Hofstee on amd64. ISTR there was a sparc64 user too, but I'm not sure.

This should theoretically work for all archs as, from what I've read, ProPolice takes place at the intermediate representation level of the compiler. This should therefore be architecture agnostic.

> > I would like to reach a consensus on whether SSP should be opt-in or
> > opt-out on FreeBSD.
>
> That depends: what's the benefit of ProPolice on ia64?
>
> Also: please provide references to ProPolice.

I think the original author's website will explain things better than me :-).

http://www.trl.ibm.com/projects/security/ssp/

Basically, a "canary" is randomly chosen when the program starts (this part lives in libc). GCC inserts code in the prologue and epilogue of all functions that contain a buffer of 8 or more bytes. In the prologue, the canary is pushed on the stack right after the return value has been pushed, and this value is then checked in the function epilogue. If the value in the stack has changed, there has been a buffer overflow.

ProPolice was originally a patch against gcc2 and gcc3, but it has been integrated into GCC 4.1 IIRC.

I hope this will answer your concerns.

Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
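
The canary mechanism described in the message above, as an added C illustration that is not part of the original mail and is not GCC or FreeBSD code. It models one stack frame as a struct so the overflow stays in memory the program owns; `struct frame`, `canary_init`, `call_with_input` and all constants are hypothetical names and constructed values.

```c
/* Added illustration, not FreeBSD or GCC code: one stack frame is modelled as
 * a struct so the "overflow" stays inside memory this program owns. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8   /* the mail's threshold: buffers of 8 or more bytes */

/* Simulated frame, lowest address first: local buffer, canary, return value. */
struct frame {
    char      buf[BUF_SIZE];
    uintptr_t canary;
    uintptr_t saved_ret;
};

static uintptr_t process_canary = 0x5a17c0deu;  /* constructed fallback value */

/* "Randomly chosen when the program starts": done once, before any call. */
void canary_init(void)
{
    FILE *fp = fopen("/dev/urandom", "rb");
    uintptr_t v;
    if (fp != NULL) {
        if (fread(&v, sizeof v, 1, fp) == 1)
            process_canary = v;
        fclose(fp);
    }
}

/* Returns 1 when the epilogue check sees a changed canary, 0 otherwise.
 * A real SSP build aborts the process instead of returning a flag. */
int call_with_input(const char *input, size_t len)
{
    struct frame f;
    f.saved_ret = 0x1000;            /* constructed stand-in for the return value */
    f.canary = process_canary;       /* prologue: canary sits above the locals */
    if (len > sizeof f) len = sizeof f;  /* cap only to keep the model in bounds */
    memcpy((char *)&f, input, len);  /* body: a copy that ignores BUF_SIZE */
    return f.canary != process_canary;   /* epilogue: compare before returning */
}

int main(void)
{
    canary_init();
    printf("short input: %d\n", call_with_input("hi", 3));
    printf("long input:  %d\n", call_with_input("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", 32));
    return 0;
}
```

An input that exactly fills the buffer leaves the canary intact; any linear write that reaches the saved return value has to cross the canary first, which is what the epilogue comparison relies on.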