Date: Fri, 4 Jan 2002 04:27:38 -0500 (EST)
From: Dominick LaTrappe
To: freebsd-security@freebsd.org
Cc: rob@cyberpunkz.org
Subject: Re: libsafe?

> http://www.avayalabs.com/project/libsafe/index.html
> I won't go into details of what this lib does or is since the url above has
> all the information on it. I however was wondering since someone else had
> asked, if there was any type of a lib or such in freebsd which attempts to
> perform some of the functions that this seems to be attempting to do.

No lib I know of, but there is SSP, the "Stack Smashing Protector," which
is a cross-platform patch to GCC.

http://www.trl.ibm.co.jp/projects/security/ssp/

The author in May 2001 completed a FreeBSD-specific patch that lets you
"make world" and even build the kernel with the protection, though I've
only tested the former. Despite this, the FreeBSD camp has seemed
none-too-interested in SSP.

All of my FreeBSD boxes are full-SSP in userland. The patch applies
cleanly to 4.4-STABLE. Everything runs smoothly (in-production coming on
8 months), the performance hit is minimal even with heavy database
crunching, and buffer overflow exploits all seem to fail.

||| Dominick