Date:      Tue, 4 Feb 2003 14:10:43 -0600
From:      "Brandon D. Valentine" <brandon@dvalentine.com>
To:        Justin Lundy <jbl@cvs.tegatai.com>
Cc:        FreeBSD-Hackers <FreeBSD-Hackers@freebsd.org>
Subject:   Re: [eugene@securityarchitects.com: Re: Preventing exploitation with rebasing]
Message-ID:  <20030204201043.GR16038@geekpunk.net>
In-Reply-To: <20030204195114.GA92636@cvs.tegatai.com>
References:  <20030204195114.GA92636@cvs.tegatai.com>

On Tue, Feb 04, 2003 at 11:51:14AM -0800, Justin Lundy wrote:
> Has similar work been done in FreeBSD? This would be a nice
> feature in 5.0-CURRENT. We had SecureBSD, and the IBM port of propolice,
> but both projects appear to be defunct at present. If we can integrate
> MAC into the kernel, why not port over OpenBSD's rebasing implementation 
> from /src/sys/kern/kern_exec.c? 
> 
> ----- Forwarded message from Eugene Tsyrklevich <eugene@securityarchitects.com> -----
> "Add a possibility to add a random offset to the stack on exec. This makes
> it slightly harder to write generic buffer overflows. This doesn't really
> give any real security, but it raises the bar for script-kiddies and it's
> really cheap.

AFAIK, no.  No similar work has been done in FreeBSD.

Personally I think if one is going to expend effort in making the stack
more secure the proper way to do this is to follow NetBSD's example and
switch to a signal trampoline provided by libc so that stack pages can
be marked non-executable in the first place.  Adding random offsets to
the stack is never going to be more than a hack.

But, the surest way to test whether or not there is support for this
among actual FreeBSD developers (of which I am not one) is to post a
patch.  You'll know pretty quickly one way or the other.

Brandon D. Valentine
-- 
brandon@dvalentine.com                                 http://www.geekpunk.net

"We've been raised on replicas of fake and winding roads, and day after day up
on this beautiful stage we've been playing tambourine for minimum wage, but we
are real; I know we are real."  -- David Berman
