From owner-freebsd-security Fri Feb 16 1:27:16 2001
Delivered-To: freebsd-security@freebsd.org
Received: from virginia.yamato.ibm.co.jp (virginia.yamato.ibm.co.jp [203.141.89.165])
	by hub.freebsd.org (Postfix) with ESMTP id 60EBD37B4EC;
	Fri, 16 Feb 2001 01:27:11 -0800 (PST)
Received: from ns.trl.ibm.com (ns.trl.ibm.com [9.116.48.18])
	by virginia.yamato.ibm.co.jp (8.9.3/3.7W/GW3.3) with ESMTP id SAA11170;
	Fri, 16 Feb 2001 18:26:26 +0900
Received: from localhost
	by ns.trl.ibm.com (8.9.3/TRL4.5SRV) id SAA15404;
	Fri, 16 Feb 2001 18:26:25 +0900
To: security@FreeBSD.ORG
Cc: kris@FreeBSD.ORG, ash@lab.poc.net, kjm@rins.ryukoku.ac.jp, iwamura@muraoka.info.waseda.ac.jp
Subject: Base system with gcc stack-smashing protector
In-Reply-To: <20001117154551.A77867@citusc17.usc.edu>
X-Mailer: Mew version 1.94b48 on Emacs 20.5 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20010216182625I.etoh@trl.ibm.com>
Date: Fri, 16 Feb 2001 18:26:25 +0900
From: Hiroaki Etoh
X-Dispatcher: imput version 990813(IM119)
Lines: 31
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 17 Nov, Kris Kennaway wrote:
> This was trivial to get working on FreeBSD, but here is a patch
> against the system gcc in 4.x which will compile a ProPolice-enabled
> version, so FreeBSD users can start easily making use of this. The
> patch is the same for 5.x users except you will need to replace
> "contrib/gcc" with "contrib/gcc.295" in the diff.
>
> http://www.freebsd.org/~kris/protector.patch

Iwamura-san and Etoh have finished building the stack protected
version of the FreeBSD base system! Iwamura-san fixed several linkage
errors generated from the above patch.

We confirmed the protected system blocked the bind TSIG exploit which
was announced by CERT, 31 Jan, 2001.

Here is a patch against the system 4.2-RELEASE.
http://www.trl.ibm.co.jp/projects/security/ssp/protector.patch

See http://www.trl.ibm.co.jp/projects/security/ssp/buildfreebsd.html
for details.

We are still working on building the protected version of the kernel.

Hiroaki Etoh, Tokyo Research Laboratory, IBM Japan
Makoto Iwamura, Muraoka Lab., Waseda University