Date:      Tue, 21 Nov 2006 15:19:58 +0100
From:      Joerg Sonnenberger <joerg@britannica.bec.de>
To:        freebsd-hackers@freebsd.org, hackers@freebsd.org
Subject:   Re: Hardening FreeBSD, does anyone have any documentation that may help?
Message-ID:  <20061121141958.GB721@britannica.bec.de>
In-Reply-To: <20061121115555.Y50450@fledge.watson.org>
References:  <455324F2.9090603@fugspbr.org> <20061120223407.GF20405@obiwan.tataz.chchile.org> <20061121115555.Y50450@fledge.watson.org>

On Tue, Nov 21, 2006 at 11:59:27AM +0000, Robert Watson wrote:
> FYI, Silby gave a nice mini-talk/discussion at EuroBSDCon on the topic of 
> gcc4 security features.  It seems like there's a lot of support for having 
> these things in FreeBSD, but a strong reluctance to have large outstanding 
> patchsets against the compiler and build chain, hence the continued 
> "strategy" of waiting for them to arrive in gcc4.  Most questions boiled 
> down to:

The code is integrated in GCC 4.1; patching, if needed at all, is quite
contained.

> - What are the ABI impacts?  Assuming that protection features arrive and
>   depart, and that reasonable application backward compatibility is required
>   for programs and libraries.  Of particular interest was the case where we
>   turn on a protection feature in X.Y and discover that this was a bad idea,
>   so turn it off in X.Y+1.

The ABI impact is limited to the stack guard cookie, the initialisation
function and the failure handler. Three different solutions can be used:
(1) The code can be part of a separate library (libssp).
(2) The code can be part of libc (DragonFly, OpenBSD and glibc do this).
(3) Like (2), but the cookie is part of the Thread Control Block, e.g.
accessible via %gs. This is done on newer glibc systems and has the
advantage of avoiding PIC references.

> - What are the performance characteristics in a variety of real-world
>   workloads?

The original benchmarks done with Propolice by IBM suggest typical
degradations in the area of 2%-5%, depending on how many functions are
called and not inlined and how many of them need to get the protection.
The site of Etoh has more details.

Joerg
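
The three ABI pieces named in the message above (guard cookie, initialisation function, failure handler), written out by hand in C. This is an added example, not part of the original e-mail and not GCC or FreeBSD code; the `demo_*` names, the `struct frame` model and the cookie value are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the three ABI pieces named in the message.
   GCC's own symbols are __stack_chk_guard and __stack_chk_fail. */
static uintptr_t demo_guard;      /* the stack guard cookie */
static int demo_fail_count;       /* lets the caller observe the handler */

/* Initialisation function: must run before any protected function.
   Constructed constant; a real runtime takes the value from a random source. */
static void demo_guard_init(void) {
    demo_guard = (uintptr_t)0x5bd1e995a3c4f27dULL;
}

/* Failure handler: the real one reports and aborts, this one only counts. */
static void demo_chk_fail(void) {
    demo_fail_count++;
}

/* A protected function's frame, modelled as a struct so that the
   overrun stays inside one object and the demo is well defined. */
struct frame {
    char buf[16];
    uintptr_t canary;             /* between buf and the saved return address */
};

/* Hand-written form of the compiler-inserted prologue and epilogue.
   The copy ignores sizeof buf on purpose; returns 1 if the check fired. */
static int protected_copy(const void *src, size_t n) {
    struct frame f;
    f.canary = demo_guard;        /* prologue: store the cookie */
    if (n > sizeof f)
        n = sizeof f;             /* confine the demo to the modelled frame */
    memcpy(&f, src, n);
    if (f.canary != demo_guard) { /* epilogue: verify before returning */
        demo_chk_fail();
        return 1;
    }
    return 0;
}

int main(void) {
    char big[sizeof(struct frame)];
    memset(big, 'A', sizeof big);
    demo_guard_init();
    printf("fits in buf: %d\n", protected_copy("short", 6));
    printf("overruns buf: %d\n", protected_copy(big, sizeof big));
    return 0;
}
```

In options (1) and (2) from the message the cookie is a global like `demo_guard`, differing only in which library exports it; in option (3) the same value is read from the Thread Control Block instead.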
