From owner-freebsd-security@FreeBSD.ORG Tue Aug 12 13:48:05 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E37F337B401; Tue, 12 Aug 2003 13:48:05 -0700 (PDT) Received: from obsecurity.dyndns.org (adsl-64-169-107-97.dsl.lsan03.pacbell.net [64.169.107.97]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0CF3C43FA3; Tue, 12 Aug 2003 13:48:05 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: from rot13.obsecurity.org (rot13.obsecurity.org [10.0.0.5]) by obsecurity.dyndns.org (Postfix) with ESMTP id B2A8766B04; Tue, 12 Aug 2003 13:48:04 -0700 (PDT) Received: by rot13.obsecurity.org (Postfix, from userid 1000) id 89A65788; Tue, 12 Aug 2003 13:48:04 -0700 (PDT) Date: Tue, 12 Aug 2003 13:48:04 -0700 From: Kris Kennaway To: "Jacques A. Vidrine" , "Devon H. O'Dell" , 'Jason Stone' , security@freebsd.org, kris@FreeBSD.org Message-ID: <20030812204804.GC49087@rot13.obsecurity.org> References: <20030812042912.V3417@walter> <006601c360c9$3c9cfc40$9f8d2ed5@internal> <20030812195946.GB51604@madman.celabo.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="RIYY1s2vRbPFwWeW" Content-Disposition: inline In-Reply-To: <20030812195946.GB51604@madman.celabo.org> User-Agent: Mutt/1.4.1i Subject: Re: realpath(3) et al X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Aug 2003 20:48:06 -0000 --RIYY1s2vRbPFwWeW Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Aug 12, 2003 at 02:59:46PM -0500, Jacques A. Vidrine wrote: > On Tue, Aug 12, 2003 at 01:59:51PM +0200, Devon H. O'Dell wrote: > > In any case, IBM has a stack smashing protection patch for GCC 3.3 on > > FreeBSD 4.8 available at > > http://www.trl.ibm.com/projects/security/ssp/buildfreebsd.html (the > > description page is at http://www.trl.ibm.com/projects/security/ssp/). = It > > currently works in the latest cvsupped source from 5.1 as well (I've bu= ilt > > and tested it). >=20 > http://www.research.ibm.com/trl/projects/security/ssp/ has the latest. > Yes, I'd like to see this in the base system as well. Our toolchain > in 5.x is calming down a bit, maybe the timing is getting ripe. >=20 > I thought Kris looked into this before, but I don't recall what might > have ultimately stopped him from making the commits. cc:ing him in > case he has insight to share. The gcc maintainer (David O'Brien at the time) was unwilling to support the burden of an external gcc patch which would need to be re-integrated by him each time a new gcc version was imported. Instead, we agreed that the best solution was to make a port that uses this patch, which can be updated periodically as the SSP authors track new gcc releases. Neither of us followed through on this though. Kris --RIYY1s2vRbPFwWeW Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE/OVKDWry0BWjoQKURAoqsAJ9aF/dhvDwY32oCSTmFrwebYWUaEQCg46pO XaB1Yi3LBebp6pSmn7eJUY8= =cypF -----END PGP SIGNATURE----- --RIYY1s2vRbPFwWeW--