Date: Mon, 29 Oct 2001 12:48:30 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: Matt Piechota <piechota@argolis.org>
Cc: Luc <luc@2113.ch>, <freebsd-security@FreeBSD.ORG>, Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>
Subject: Re: BUFFER OVERFLOW EXPLOITS
Message-ID: <20011029124352.K1182-100000@achilles.silby.com>
In-Reply-To: <20011029133604.D17640-100000@cithaeron.argolis.org>

On Mon, 29 Oct 2001, Matt Piechota wrote:

> On Mon, 29 Oct 2001, Luc wrote:
>
> > Can one confirm we may prevent FreeBSD buffer overflow
> > using this document:
> >
> > "GCC extension for protecting applications from stack-smashing attacks"
> > http://www.trl.ibm.com/projects/security/ssp/
> >
> > Why isn't FreeBSD built with such extension (by default) ?
>
> My first thought would be that it "add application code at compile time"
> which would slow the system down to a certain degree, and it seems to be
> somewhat beta, so you may run into bugs. Be interesting to try though
> (they have instructions to build FreeBSD using it).
>
> On the other hand, stack overflows are generally due to sloppy
> programming, so adding code and overhead to facilitate being lazy seems to
> be the wrong way to attack a problem.
>
> --
> Matt Piechota

Maintaining the patch as gcc is upgraded is the core issue; the efficiency
vs safety issue could be addressed by a flag during buildworld.

I started work on taking the existing gcc port and adding in the patch
listed above; it seemed to work well, but I'm not sure how well I'd be
able to keep it up to date.

Mike "Silby" Silbersack

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message