From owner-freebsd-security Fri Jan 4 2:53: 4 2002 Delivered-To: freebsd-security@freebsd.org Received: from I-Sphere.COM (shell.i-sphere.com [209.249.146.70]) by hub.freebsd.org (Postfix) with ESMTP id DF48C37B41B for ; Fri, 4 Jan 2002 02:53:00 -0800 (PST) Received: (from fasty@localhost) by I-Sphere.COM (8.11.6/8.11.6) id g04As8B31292; Fri, 4 Jan 2002 02:54:08 -0800 (PST) (envelope-from fasty) Date: Fri, 4 Jan 2002 02:54:08 -0800 From: faSty To: Dominick LaTrappe Cc: freebsd-security@FreeBSD.ORG Subject: Re: libsafe? Message-ID: <20020104025408.A31131@i-sphere.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from seraf@2600.COM on Fri, Jan 04, 2002 at 04:27:38AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Can the SSP patch work with FreeBSD 4.5-PRERELEASE? -trev On Fri, Jan 04, 2002 at 04:27:38AM -0500, Dominick LaTrappe wrote: > > http://www.avayalabs.com/project/libsafe/index.html > > I won't go into details of what this lib does or is since the url above has > > all the information on it. I however was wondering since someone else had > > asked, if there was any type of a lib or such in freebsd which attempts to > > perform some of the functions that this seems to be attempting to do. > > No lib I know of, but there is SSP, the "Stack Smashing Protector," which > is a cross-platform patch to GCC. > > http://www.trl.ibm.co.jp/projects/security/ssp/ > > The author in May 2001 completed a FreeBSD-specific patch that lets you > "make world" and even build the kernel with the protection, though I've > only tested the former. Despite this, the FreeBSD camp has seemed > none-too-interested in SSP. > > All of my FreeBSD boxes are full-SSP in userland. The patch applies > cleanly to 4.4-STABLE. Everything runs smoothly (in-production coming on > 8 months), the performance hit is minimal even with heavy database > crunching, and buffer overflow exploits all seem to fail. > > ||| Dominick > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Double Bucky (Sung to the tune of "Rubber Duckie") Double bucky, you're the one! You make my keyboard lots of fun Double bucky, an additional bit or two: (Vo-vo-de-o!) Control and Meta side by side, Augmented ASCII, nine bits wide! Double bucky, a half a thousand glyphs, plus a few! Double bucky, left and right OR'd together, outta sight! Double bucky, I'd like a whole word of Double bucky, I'm happy I heard of Double bucky, I'd like a whole word of you! -- (C) 1978 by Guy L. Steele, Jr. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message