Date: Mon, 29 Oct 2001 13:40:45 -0500 (EST) From: Matt Piechota <piechota@argolis.org> To: Luc <luc@2113.ch> Cc: <freebsd-security@FreeBSD.ORG>, Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl> Subject: Re: BUFFER OVERFLOW EXPLOITS Message-ID: <20011029133604.D17640-100000@cithaeron.argolis.org> In-Reply-To: <3BDD11C8.4746A7BD@2113.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 29 Oct 2001, Luc wrote: > Can one confirm we may prevent FreeBSD buffer overflow > using this document: > > "GCC extension for protecting applications from stack-smashing attacks" > http://www.trl.ibm.com/projects/security/ssp/ > > Why isn't FreeBSD built with such extension (by default) ? MY first though would be that it "add applictation code at compile time" which would slow the system down to a certian degree, and it seems to be somewhat beta, so you may run into bugs. Be interesting to try though (they have instructions to build FreeBSD using it). On the other hand, stack overflows are generally due to sloppy programming, so adding code and overhead to facilitate being lazy seems to be the wrong way to attack a problem. -- Matt Piechota Finger piechota@emailempire.com for PGP key AOL IM: cithaeron To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011029133604.D17640-100000>