From: "Andreas Alderud"
Delivered-To: freebsd-security@freebsd.org
Subject: Re: FYI: Propolice for gcc-2.95.2
Date: Sat, 18 Nov 2000 00:03:50 +0100
Message-ID: <001e01c050ea$a5f32a80$8e00a8c0@XGod>

Mike Silbersack wrote:

>MAC and stack-smashing protection are certainly not mutually
>exclusive. Even if the base system is configured with strong access
>barriers to compromised programs, there is still lesser mischief
>that can be performed.

Hardly needed, look at VMS for example, what is needed is more layers, not
just user and god (i.e. root).
Besides, getting past the stack guards in programs isn't much harder than
writing an ordinary exploit, though a bit different.

>Additionally, it's very likely that people will still install wu-ftpd,
>qpopper, imapd, etc from ports. None of trustedbsd's features will help
>when confronted with the default behavior of these programs. Stack
>protection, on the other hand, would have prevented a good amount of the
>past bugs in these programs, and will likely continue to be a good
>protection method.

Good for debugging, but an exploit is quite more than just an ordinary
overflow.
I welcome it as a developer debugging feature in 5.x, and as a security
hardening feature in 4.x.

/Kind regards,
David A. Alderud