From owner-freebsd-security@FreeBSD.ORG Tue Aug 12 13:49:37 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9CCAD37B405; Tue, 12 Aug 2003 13:49:37 -0700 (PDT) Received: from amsfep11-int.chello.nl (amsfep11-int.chello.nl [213.46.243.20]) by mx1.FreeBSD.org (Postfix) with ESMTP id CD0A943F3F; Tue, 12 Aug 2003 13:49:35 -0700 (PDT) (envelope-from dodell@sitetronics.com) Received: from internal ([213.46.141.159]) by amsfep11-int.chello.nl (InterMail vM.5.01.05.17 201-253-122-126-117-20021021) with ESMTP id <20030812204935.BPHE11121.amsfep11-int.chello.nl@internal>; Tue, 12 Aug 2003 22:49:35 +0200 From: "Devon H. O'Dell" To: "'Kris Kennaway'" , "'Jacques A. Vidrine'" , "'Jason Stone'" , , Date: Tue, 12 Aug 2003 22:49:33 +0200 Organization: SiteTronics Message-ID: <000e01c36113$3c6f8400$9f8d2ed5@internal> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 In-Reply-To: <20030812204804.GC49087@rot13.obsecurity.org> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: RE: realpath(3) et al X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Aug 2003 20:49:38 -0000 If you guys are too busy for maintaining this port, shall I take on this burden? --Devon > -----Oorspronkelijk bericht----- > Van: Kris Kennaway [mailto:kris@obsecurity.org] > Verzonden: Tuesday, August 12, 2003 10:48 PM > Aan: Jacques A. Vidrine; Devon H. O'Dell; 'Jason Stone'; > security@freebsd.org; kris@FreeBSD.org > Onderwerp: Re: realpath(3) et al >=20 > On Tue, Aug 12, 2003 at 02:59:46PM -0500, Jacques A. Vidrine wrote: > > On Tue, Aug 12, 2003 at 01:59:51PM +0200, Devon H. O'Dell wrote: > > > In any case, IBM has a stack smashing protection patch for GCC 3.3 = on > > > FreeBSD 4.8 available at > > > http://www.trl.ibm.com/projects/security/ssp/buildfreebsd.html = (the > > > description page is at = http://www.trl.ibm.com/projects/security/ssp/). > It > > > currently works in the latest cvsupped source from 5.1 as well = (I've > built > > > and tested it). > > > > http://www.research.ibm.com/trl/projects/security/ssp/ has the = latest. > > Yes, I'd like to see this in the base system as well. Our toolchain > > in 5.x is calming down a bit, maybe the timing is getting ripe. > > > > I thought Kris looked into this before, but I don't recall what = might > > have ultimately stopped him from making the commits. cc:ing him in > > case he has insight to share. >=20 > The gcc maintainer (David O'Brien at the time) was unwilling to > support the burden of an external gcc patch which would need to be > re-integrated by him each time a new gcc version was imported. >=20 > Instead, we agreed that the best solution was to make a port that uses > this patch, which can be updated periodically as the SSP authors track > new gcc releases. Neither of us followed through on this though. >=20 > Kris