Date: Mon, 4 Mar 2019 22:25:26 +0300
From: Anthony Pankov
To: Shawn Webb
CC: Anthony Pankov via freebsd-hackers
Subject: Re: building with WITHOUT_SSP side effect
Message-ID: <577261663.20190304222526@mail.ru>
In-Reply-To: <20190304180533.rkpfkg5qxmhifeiy@mutt-hbsd>
List-Id: Technical Discussions relating to FreeBSD

In my case no applications from the base "world" listen to the internet (no open ports from syslogd, bind, sendmail, etc). Also there is no public login to servers.

So I see SSP as a waste of billions and billions of instructions.

The probability of joint events: the known user becomes an evil hacker AND the weakest point is the buffer overflow in the system's base world - is near zero. At least because the weakest point can be obtained more easily from misconfiguration, additional packages, etc.

The idea was to throw out SSP from the kernel and base world but fortify sshd, postfix, etc. But things went not as smoothly as desired.

> I'm curious about your use case for building without stack cookies.
> Thanks,

--
Best regards,
Anthony Pankov
mailto:ap00@mail.ru