Date: Mon, 4 Mar 2019 22:25:26 +0300
From: Anthony Pankov <ap00@mail.ru>
To: Shawn Webb <shawn.webb@hardenedbsd.org>
Cc: Anthony Pankov via freebsd-hackers <freebsd-hackers@freebsd.org>
Subject: Re: building with WITHOUT_SSP side effect
Message-ID: <577261663.20190304222526@mail.ru>
In-Reply-To: <20190304180533.rkpfkg5qxmhifeiy@mutt-hbsd>
References: <434119194.20190304190732@mail.ru> <1122478880.20190304195602@mail.ru> <20190304171351.GQ68879@kib.kiev.ua> <1032136115.20190304203133@mail.ru> <20190304173937.GR68879@kib.kiev.ua> <1178496353.20190304205634@mail.ru> <20190304180533.rkpfkg5qxmhifeiy@mutt-hbsd>

In my case no applications from the base "world" listen to the internet (no open ports from syslogd, bind, sendmail, etc). Also there is no public login to servers.

So I see SSP as a waste of billions and billions of instructions. The probability of the joint events (the known user becomes an evil hacker AND the weakest point is the buffer overflow in the system's base world) is near zero. At least because the weakest point can be obtained more easily from misconfiguration, additional packages, etc.

The idea was to throw out SSP from kernel and base world but fortify sshd, postfix, etc. But things did not go as smoothly as desired.

> I'm curious about your use case for building without stack cookies.
>
> Thanks,

--
Best regards,
Anthony Pankov
mailto:ap00@mail.ru

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?577261663.20190304222526>