From: "Ronald F. Guilmette"
To: freebsd-questions@freebsd.org
Subject: Re: Install-time "hardening" options
In-Reply-To: <12473.128.135.52.6.1507845050.squirrel@cosmo.uchicago.edu>
Date: Thu, 12 Oct 2017 18:09:11 -0700
Message-ID: <6000.1507856951@segfault.tristatelogic.com>

In message <12473.128.135.52.6.1507845050.squirrel@cosmo.uchicago.edu>,
"Valeri Galtsev" wrote:

>On Thu, October 12, 2017 4:07 pm, Ronald F. Guilmette wrote:
>>>> (*) Insert stack guard page ahead of growable segments
>>>>...
>>>I personally have mixed feelings about this.
>>
>> By all means, please elaborate.
>>
>> Under what scenarios, if any, would the use of stack guards -not- be an
>> exceptionally desirable thing? (I've already conceded that memory-limited
>> embedded uses are a special case. But there are specialized distros for
>> that.)
>
>Well, I actually have mixed feelings about stack guards themselves, I do
>not feel they give good protection for other memory areas, be those areas
>just a few addresses away or far-far away.

Well, no single technique is going to solve everything, but I'd rather
have this one than nothing.

>But that must be just my
>ignorance, and you, as a system architecture expert, are quite likely right,
>no matter what I feel like.

I have never and would never claim to be an "architecture expert". Even
if you were to catch me at my most braggadocious moment, I would only claim
to be the World's Second Foremost authority (on nothing in particular)
ranking just behind this fellow:

    https://en.wikipedia.org/wiki/Irwin_Corey

(Actually, now that he has passed away, earlier this year, I guess that
I can now lay claim to being the World's Foremost Authority.)

>Thanks for all your insights you have shared!

Likewise.

Regards,
rfg