From owner-freebsd-security@FreeBSD.ORG Wed Jan 2 21:18:16 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 252CF16A418 for ; Wed, 2 Jan 2008 21:18:16 +0000 (UTC) (envelope-from gunther.mayer@googlemail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.182]) by mx1.freebsd.org (Postfix) with ESMTP id CF11013C4CC for ; Wed, 2 Jan 2008 21:18:15 +0000 (UTC) (envelope-from gunther.mayer@googlemail.com) Received: by py-out-1112.google.com with SMTP id u52so10097680pyb.10 for ; Wed, 02 Jan 2008 13:18:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; bh=Wy2D+mkD3kLtw/duaxy1Oc+xrIyelYL6S/2sfLBGRzk=; b=J3hnjpb1Zb6zm5Udd1pck8WIrDMJpWoc7fadbtaJVPR+m1gTHOhdNsLHgRtnIEXxYhkIM6mQBxkye9BJU+x6/w1Jmc1Cs1YlI+HGvM3IpdVu48fUzCMcr7Gf6T6aRAVyLqGOTPt9SUlyx1Va4SXdXNo0vbLs5R0Y7QLfWecjQ6s= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=XO9UoIL/NGjxE7+nnOczc3EgfL7o/LVJkt5nM79iKtGWGuO29f1yLAJd5pAxVeoK1nHdRX6HPYGZ/6LoXHRn+2TWnCjn9RCpCElV2wrlKPU30Ajck0xTn6QVqh7niLYxvArL3aVozFzqIy+TzaYQK4asc4sGHcbp+SxyDWGOhFE= Received: by 10.110.31.5 with SMTP id e5mr2785834tie.35.1199308693892; Wed, 02 Jan 2008 13:18:13 -0800 (PST) Received: from ?172.25.0.106? ( [41.245.173.38]) by mx.google.com with ESMTPS id i14sm5362075wxd.11.2008.01.02.13.18.10 (version=TLSv1/SSLv3 cipher=RC4-MD5); Wed, 02 Jan 2008 13:18:12 -0800 (PST) Message-ID: <477BFF43.6060003@googlemail.com> Date: Wed, 02 Jan 2008 23:16:51 +0200 From: Gunther Mayer User-Agent: Thunderbird 2.0.0.6 (X11/20071022) MIME-Version: 1.0 To: Mike Silbersack References: <477277FF.30504@googlemail.com> <86myrvhht9.fsf@ds4.des.no> <20071227195833.154b41ae@kan.dnsalias.net> <4774EB0F.90103@googlemail.com> <20071228200428.J6052@odysseus.silby.com> In-Reply-To: <20071228200428.J6052@odysseus.silby.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Wed, 02 Jan 2008 21:33:43 +0000 Cc: freebsd-security@freebsd.org Subject: Re: ProPolice/SSP in 7.0 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Jan 2008 21:18:16 -0000 Thanks everyone for answering my questions so far. Mike Silbersack wrote: > It's too late to make that sort of change for FreeBSD 7.0, but I think > that's a good goal for FreeBSD 8.0. > > Here's what I think you could do: > > 1. Verify that enabling SSP works properly. Ok, I will certainly do that once 7.0 is out and I can run it for a while on our testing box. > 2. Convince Kris Kennaway to run his mysql benchmarks on a FreeBSD 8 > system both with and without SSP to verify that there is no > significant slowdown. Hmm, I guess Kris is not subscribed to -security? Maybe I'll have to post in -questions then... > 3. Get it enabled on FreeBSD 8 by default. > 4. Request that the change be made to FreeBSD 7.1 or 7.2 after it has > proven to not cause problems on FreeBSD 8. Ok, but what's the best way to go about that? Don't see that being documented in the handbook. Do you suggest a post on -questions or a send-pr or both?