From: Marcel Moolenaar
To: Jeremie Le Hen
Cc: freebsd-arch@FreeBSD.org
Date: Fri, 18 Apr 2008 11:46:18 -0700
Subject: Re: Integration of ProPolice in FreeBSD

On Apr 18, 2008, at 9:58 AM, Jeremie Le Hen wrote:

> This should theoretically work for all arch as, from what I've read,
> ProPolice takes place at the intermediate representation level of the
> compiler. This should therefore be architecture agnostic.

The question is whether it will actually make a difference on ia64?
The stack does not contain any of the "objects" that ProPolice tries
to protect from "stack-smashing" attacks, so what good is the added
overhead?

> Basically, a "canary" is randomly chosen when the program starts (this
> part lives in libc). GCC inserts code in prologue and epilogue of all
> functions that contain a buffer of 8 or more bytes. In the prologue,
> the canary is pushed on the stack right after the return value has
> been pushed, and this value is then checked in function epilogue. If
> the value in the stack has changed, there has been a buffer overflow

The ia64 architecture has been designed to eliminate use of the stack
as much as possible for performance reasons. ProPolice does add
significant overhead for no good reason AFAICT.

So, let's assume at this time that ia64 is out and that an opt-out
is reasonable (given that ia64 is expected to be the only one that
doesn't need it).

-- 
Marcel Moolenaar
xcllnt@mac.com
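
The canary check described in the quoted text above, as an added C model that is not part of the original message and is not GCC's or libc's code. It lays a frame out in a byte array so that a copy running past the 8-byte buffer stays inside the model, and shows that a linear overflow changes the canary before it reaches the saved return slot. The frame layout, the names guard_setup, probe and stack_guard, and all constants are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modelled frame, lowest address first: [buf: 8 bytes][canary][saved return].
 * Assumed layout for illustration; real frames are ABI- and compiler-specific. */
#define BUF_SIZE   8
#define CANARY_OFF BUF_SIZE
#define RET_OFF    (CANARY_OFF + sizeof(uintptr_t))
#define FRAME_SIZE (RET_OFF + sizeof(uintptr_t))
#define SAVED_RET  ((uintptr_t)0x1000)          /* constructed value */
static uintptr_t stack_guard;                   /* 0 means "not chosen yet" */

/* Stand-in for the start-up hook in libc: pick the canary once. */
static void guard_setup(void)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL || fread(&stack_guard, sizeof stack_guard, 1, f) != 1 || !stack_guard)
        stack_guard = (uintptr_t)0xff0a0d01u;   /* constructed fallback */
    if (f != NULL)
        fclose(f);
}

/* One protected call whose body copies `len` bytes with no bounds check.
 * Returns bit 0 = epilogue saw a changed canary, bit 1 = return slot changed. */
static int probe(size_t len)
{
    unsigned char frame[FRAME_SIZE], in[FRAME_SIZE];
    uintptr_t v = SAVED_RET;
    size_t i;
    if (stack_guard == 0)
        guard_setup();
    memset(in, 'A', sizeof in);                 /* constructed input */
    for (i = 0; i < sizeof stack_guard; i++)    /* never equal to the canary */
        in[CANARY_OFF + i] = (unsigned char)~((unsigned char *)&stack_guard)[i];
    memcpy(frame + RET_OFF, &v, sizeof v);                        /* call */
    memcpy(frame + CANARY_OFF, &stack_guard, sizeof stack_guard); /* prologue */
    memcpy(frame, in, len > FRAME_SIZE ? FRAME_SIZE : len);       /* body */
    memcpy(&v, frame + RET_OFF, sizeof v);
    return (memcmp(frame + CANARY_OFF, &stack_guard, sizeof stack_guard) != 0) |
           ((v != SAVED_RET) << 1);                               /* epilogue */
}

int main(void)
{
    printf("fits: %d  one byte over: %d  whole frame: %d\n",
           probe(BUF_SIZE), probe(BUF_SIZE + 1), probe(FRAME_SIZE));
    return 0;
}
```

A result with bit 1 set always has bit 0 set as well: in this layout the copy cannot reach the return slot without first changing the canary that the epilogue compares.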