From: Matt Piechota
Date: Mon, 29 Oct 2001 13:40:45 -0500 (EST)
To: Luc
Cc: Krzysztof Zaraska
Subject: Re: BUFFER OVERFLOW EXPLOITS
In-Reply-To: <3BDD11C8.4746A7BD@2113.ch>
Message-ID: <20011029133604.D17640-100000@cithaeron.argolis.org>

On Mon, 29 Oct 2001, Luc wrote:

> Can one confirm we may prevent FreeBSD buffer overflow
> using this document:
>
> "GCC extension for protecting applications from stack-smashing attacks"
> http://www.trl.ibm.com/projects/security/ssp/
>
> Why isn't FreeBSD built with such extension (by default) ?

My first thought would be that it "add application code at compile time"
which would slow the system down to a certain degree, and it seems to be
somewhat beta, so you may run into bugs. Be interesting to try though
(they have instructions to build FreeBSD using it).

On the other hand, stack overflows are generally due to sloppy
programming, so adding code and overhead to facilitate being lazy seems
to be the wrong way to attack a problem.

--
Matt Piechota
Finger piechota@emailempire.com for PGP key
AOL IM: cithaeron
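
Added example, not part of the original message or of the IBM patch: a C model of the code a stack-protecting compiler adds around a function, which is the per-call overhead the reply refers to. The struct layout, the guard value and the names `frame`, `guarded_copy` and `GUARD_VALUE` are constructed for illustration; a real implementation keeps the guard in the actual stack frame.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one stack frame: the guard sits between the
   local buffer and the saved return address, so an overflow of buf
   must cross the guard before it reaches the return address. */
struct frame {
    char buf[16];
    unsigned long guard;
    unsigned long saved_ret;
};

/* Hypothetical guard value, chosen only for this model. */
static const unsigned long GUARD_VALUE = 0x5a0d0affUL;

/* Copies n bytes into the frame starting at buf without checking n
   against sizeof buf (the programming error under discussion).
   Returns 0 if the guard survived, -1 if the epilogue check fails. */
int guarded_copy(const char *src, size_t n)
{
    struct frame f;

    /* Prologue the compiler adds: one store to plant the guard. */
    f.guard = GUARD_VALUE;
    f.saved_ret = 0x1000;      /* constructed stand-in for a return address */

    /* Function body: unchecked copy. It is clamped to the model frame
       so the demonstration itself never writes outside one object. */
    if (n > sizeof f)
        n = sizeof f;
    memcpy((unsigned char *)&f, src, n);

    /* Epilogue the compiler adds: one load and compare before return. */
    if (f.guard != GUARD_VALUE)
        return -1;             /* a protected binary aborts here */
    return 0;
}

int main(void)
{
    char input[32];
    memset(input, 'A', sizeof input);  /* constructed oversized input */
    printf("16 bytes: %d\n", guarded_copy(input, 16));
    printf("24 bytes: %d\n", guarded_copy(input, 24));
    return 0;
}
```

The added work per protected call is the store in the prologue and the compare in the epilogue; the check detects the overwrite at function return and does not remove the unchecked copy itself.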