Date: Fri, 09 Jun 2006 16:40:14 -0400
From: Chris <rip@overflow.no>
To: Jeremie Le Hen <jeremie@le-hen.org>
Cc: freebsd-security@FreeBSD.org, freebsd-current@FreeBSD.org
Subject: Re: [fbsd] Integrating ProPolice/SSP into FreeBSD
Message-ID: <4489DCAE.3070005@overflow.no>
In-Reply-To: <20060609095751.GI1273@obiwan.tataz.chchile.org>
References: <20060526153422.GB25953@obiwan.tataz.chchile.org> <20060609095751.GI1273@obiwan.tataz.chchile.org>

Jeremie Le Hen wrote:
> Hi list,
>
> I haven't got much feedback so far.  I would be glad if any people
> who have been using this patch told me if they have been faced with
> some problems.
>
> Thank you
> Regards,
> Jeremie
>
> On Fri, May 26, 2006 at 05:34:22PM +0200, Jeremie Le Hen wrote:
>
>> Hi,
>>
>> first sorry for cross-posting but I thought this patch might interest
>> -CURRENT users as well as people concerned by security.
>>
>> I wrote a patch that integrates ProPolice/SSP into FreeBSD, one step
>> further than it has been realized so far.
>>
>> It is available here :
>> http://tataz.chchile.org/~tataz/FreeBSD/SSP/
>>
>> Everything is explained on the web page, but I will repeat some
>> information here.  The patchset is split in two parts to ease the
>> review of the patch.  The -propolice patch is only the original
>> ProPolice patch for GCC 3.4.4 applied on FreeBSD source tree.  The
>> -freebsd patch contains the glue I have written to make things neat.
>>
>> The patch exists in both for CURRENT and RELENG_6.  Both introduce a
>> new make.conf(5) (and src.conf(5)) knob to enable stack protection
>> on a per Makefile basis.  It is of course possible to compile your
>> world with it.  Please refer to the web page for more information.
>>
>> The patch has been tested and works pretty well.  My laptop and my
>> workstation at work are compiled with SSP : world, kernel and ports,
>> including X.org.
>>
>> I hope you will enjoy it.
>> Regards,
>>

I'm using it successfully with the stack-gap and the random mmap on
6.1-RELEASE. No problems at all really :) Except that I want a knob for
gcc to use the protection by default. We discussed this in another email.
I'm also using nomad's 5.4 one of my 5.4-p14 with stack gap and random
mmap (slight modification was needed to get it working), which for me has
the desired default behaviour. I hope to see this on 6.x too, keep up the
good work.

- Chris