From owner-freebsd-security  Fri May 18 18:13: 6 2001
Delivered-To: freebsd-security@freebsd.org
Received: from femail9.sdc1.sfba.home.com (femail9.sdc1.sfba.home.com [24.0.95.89])
	by hub.freebsd.org (Postfix) with ESMTP id 7BE4137B422
	for <security@FreeBSD.ORG>; Fri, 18 May 2001 18:13:03 -0700 (PDT)
	(envelope-from mixtim@home.com)
Received: from cg392862-a.adubn1.nj.home.com ([65.2.79.221])
          by femail9.sdc1.sfba.home.com
          (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP
          id <20010519011302.GUCB17191.femail9.sdc1.sfba.home.com@cg392862-a.adubn1.nj.home.com>;
          Fri, 18 May 2001 18:13:02 -0700
Received: (from mixtim@localhost)
	by cg392862-a.adubn1.nj.home.com (8.11.3/8.11.3) id f4J1D1n53784;
	Fri, 18 May 2001 21:13:01 -0400 (EDT)
	(envelope-from mixtim)
Date: Fri, 18 May 2001 21:13:01 -0400
From: Mixtim <mixtim@home.com>
To: Hiroaki Etoh <etoh@trl.ibm.co.jp>
Cc: security@FreeBSD.ORG
Subject: Re: Base system with gcc stack-smashing protector
Message-ID: <20010518211301.A53682@home.com>
References: <20010519093227T.etoh@trl.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010519093227T.etoh@trl.ibm.com>; from etoh@trl.ibm.co.jp on Sat, May 19, 2001 at 09:32:27AM +0900
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Sat, May 19, 2001 at 09:32:27AM +0900, Hiroaki Etoh wrote:
> At last, I have completed GCC extension for protectiong applications
> against stack smashing attack. It works on Intel x86 processor and IBM
> powerpc.   

Have you seen Phrack Magazine issue 56, article 5? The title is "Bypassing
StackGuard and StackShield."

  "This article is an attempt to demonstrate that it is possible to
   exploit stack overflow vulnerabilities on systems secured by
   StackGuard or StackShield even in hostile environments (such as when
   the stack is non-executable)."
   
Does your patch address their concerns?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message