Date: Fri, 18 Apr 2008 11:46:18 -0700 From: Marcel Moolenaar <xcllnt@mac.com> To: Jeremie Le Hen <jeremie@le-hen.org> Cc: freebsd-arch@FreeBSD.org Subject: Re: Integration of ProPolice in FreeBSD Message-ID: <EF8CB674-A3AF-4B76-9DB0-366D3A9ED274@mac.com> In-Reply-To: <20080418165859.GD4840@obiwan.tataz.chchile.org> References: <20080418132749.GB4840@obiwan.tataz.chchile.org> <A9207463-477A-458C-A706-A55AA90DEE7A@mac.com> <20080418165859.GD4840@obiwan.tataz.chchile.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Apr 18, 2008, at 9:58 AM, Jeremie Le Hen wrote: > This should theorically work for all arch as, from what I've read, > ProPolice takes place at the intermediate representation level of the > compiler. This should therefore be architecture agnostic. The question is whether it will actually make a difference on ia64? The stack does not contain any of the "objects" that ProPolice tries to protect from "stack-smashing" attacks, so what good is the added overhead? > Basically, a "canary" is randomly chosen when the program starts (this > part lives in libc). GCC inserts code in prologue and epilogue of all > functions that contains a buffer of 8 or more bytes. In the prologue, > the canary is pushed on the stack right after the return valued has > been > pushed, and this value is then checked in function epilogue. If the > value in the stack has changed, there has been a buffer overflow The ia64 architecture has been designed to eliminate use of the stack as much as possible for performance reasons. ProPolice does add significant overhead for no good reason AFAICT. So, let's assume at this time that ia64 is out and that an opt-out is reasonable (given that ia64 is expected to be the only one that doesn't need it). -- Marcel Moolenaar xcllnt@mac.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?EF8CB674-A3AF-4B76-9DB0-366D3A9ED274>