From owner-freebsd-arch@FreeBSD.ORG Fri Apr 18 19:21:02 2008 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8F5591065671 for ; Fri, 18 Apr 2008 19:21:02 +0000 (UTC) (envelope-from xcllnt@mac.com) Received: from smtpoutm.mac.com (smtpoutm.mac.com [17.148.16.77]) by mx1.freebsd.org (Postfix) with ESMTP id 75EDB8FC18 for ; Fri, 18 Apr 2008 19:21:02 +0000 (UTC) (envelope-from xcllnt@mac.com) Received: from mac.com (asmtp007-s [10.150.69.70]) by smtpoutm.mac.com (Xserve/smtpout014/MantshX 4.0) with ESMTP id m3IJL2CC027102; Fri, 18 Apr 2008 12:21:02 -0700 (PDT) Received: from macbook-pro.jnpr.net (natint3.juniper.net [66.129.224.36]) (authenticated bits=0) by mac.com (Xserve/asmtp007/MantshX 4.0) with ESMTP id m3IJKkoZ016377 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 18 Apr 2008 12:20:59 -0700 (PDT) Message-Id: <4D7941ED-03BA-4F3B-8590-65EA8142EC00@mac.com> From: Marcel Moolenaar To: Max Laier In-Reply-To: <200804181945.59189.max@love2party.net> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v919.2) Date: Fri, 18 Apr 2008 12:20:45 -0700 References: <20080418132749.GB4840@obiwan.tataz.chchile.org> <200804181945.59189.max@love2party.net> X-Mailer: Apple Mail (2.919.2) Cc: Jeremie Le Hen , freebsd-arch@freebsd.org Subject: Re: Integration of ProPolice in FreeBSD X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Apr 2008 19:21:02 -0000 On Apr 18, 2008, at 10:45 AM, Max Laier wrote: > On Friday 18 April 2008 15:27:49 Jeremie Le Hen wrote: >> Hi, >> >> As you may already know I've integrated GCC's ProPolice into FreeBSD. >> The build infrastructure overlord, namely ru@, (I'm quoting kan@) has >> reviewed the patch and technically it is ready to hit the CVS tree. >> >> A few things should be discussed beforehand though. >> >> First, should we build world and/or kernel with SSP by default? I've >> scamped a trivial benchmark back in 2006: timing buildworld with and >> without SSP. You can found the result on my webpage: >> http://tataz.chchile.org/~tataz/FreeSBD/SSP/#section1 > > 404 :-\ > >> Also, the original ProPolice author achieved a thorough performance >> comparison with and without SSP, and the overhead is really small: >> http://www.trl.ibm.com/projects/security/ssp/node5.html >> I would like to reach a consensus on whether SSP should be opt-in or >> opt-out on FreeBSD. >> >> >> Another concern that Robert Watson showed back in 2006 [1] when I >> brought >> forward my patch was the compatibility between pre-SSP and post-SSP >> binaries/libraries. >> >> I'll try to make it simple and short. SSP requires two additional >> symbols that are kindly provided by libc. Any binary or library >> compiled with SSP will require them. As long as your libc contains >> the >> symbols, you can smoothly run pre-SSP applications with post-SSP >> libs as >> well as the other way around. >> >> Also Kris explained [2] that once applied, it is painful to try to >> revert the change (removing SSP symbols from libc). This is true but >> once the patch gets committed, it should hopefully never happen. > > So I'd suggest something along the lines of: > > 1) Add the needed support symbols to libc (they don't hurt anyone, > right?) autoconf? With tools like autoconf, I'm much less inclined to say that some unused symbol, library, header or whatever is harmless. I've turned into a "if we don't use it, don't add/keep it" person :-) -- Marcel Moolenaar xcllnt@mac.com