Date:      Tue, 26 Aug 2003 19:55:08 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Alex <alex@rnp.br>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: FreeBSD with propolice protection
Message-ID:  <20030826185508.GD16046@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <001f01c36bf3$bd3778a0$0d3f11c8@ncrj.rnp.br>
References:  <001f01c36bf3$bd3778a0$0d3f11c8@ncrj.rnp.br>

On Tue, Aug 26, 2003 at 02:01:48PM -0300, Alex wrote:
> Hello,
>
> Does anybody recommend using this?
>
> How to build FreeBSD with propolice protection
> http://www.trl.ibm.com/projects/security/ssp/buildfreebsd.html

If you have a server carrying particularly valuable or sensitive data,
then, yes, the propolice patches can add an extra layer of security.

However, there are certain otherwise harmless software constructs that
involve writing to the stack that this software will cause to fail.
Certain applications simply will not work.

For an ordinary desktop or home machine it's probably overkill, and
paying attention to security announcements and keeping your machine
properly up to date and not running extraneous daemons and following
all of the other standard good security advice should be sufficient.

> After implementing it, how to make sure it's working correctly?

Write a small C program that will let you overflow an array and
trample on the stack. By convention, the usage is to overflow the
array with a long string of A characters.  Analyse the core dump thus
obtained.  If the EIP has been overwritten with the value 0x41414141
then the patches definitely aren't working.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
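
The check described in the message above, as an added example that is not part of the original e-mail: instead of reading EIP out of a core dump, it runs the overflow in a child process and classifies the signal that ends it. It assumes a POSIX system and a protector runtime that aborts with SIGABRT, as current GCC and Clang runtimes do; all identifiers are hypothetical.

```c
/* Added example, not from the e-mail; all identifiers are hypothetical. */
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_result { PROBE_CLEAN, PROBE_CAUGHT, PROBE_TRAMPLED, PROBE_OTHER };

/* Calling memset through a volatile pointer keeps the compiler from
 * checking, rewriting or removing the deliberately oversized write. */
static void *(*volatile fill_bytes)(void *, int, size_t) = memset;

__attribute__((noinline)) static int fill(size_t n)
{
    char buf[16];                 /* n > 16 overflows this stack array */
    fill_bytes(buf, 'A', n);      /* the conventional run of 'A' (0x41) bytes */
    return buf[0];
}

/* Extra frame: on ABIs that save the return address below the locals
 * (e.g. AArch64) the overflow lands in this caller's saved address instead. */
__attribute__((noinline)) static int outer(size_t n) { return fill(n) + 1; }

/* Runs the write in a child process and classifies how the child ended. */
enum probe_result run_probe(size_t n)
{
    int status, sig;
    pid_t pid = fork();
    if (pid == 0)                 /* child: do the write, then exit */
        _exit(outer(n) == 'A' + 1 ? 0 : 1);
    if (pid < 0 || waitpid(pid, &status, 0) != pid)
        return PROBE_OTHER;
    if (WIFEXITED(status))
        return WEXITSTATUS(status) == 0 ? PROBE_CLEAN : PROBE_OTHER;
    sig = WIFSIGNALED(status) ? WTERMSIG(status) : 0;
    if (sig == SIGABRT)           /* assumed: protector's handler aborted */
        return PROBE_CAUGHT;
    if (sig == SIGSEGV || sig == SIGBUS || sig == SIGILL)
        return PROBE_TRAMPLED;    /* overwritten control data was used */
    return PROBE_OTHER;
}

int main(void)
{
    enum probe_result r = run_probe(64);   /* 64 bytes into a 16-byte array */
    printf("probe result: %d (1 = overflow caught, 2 = stack trampled)\n", r);
    return r == PROBE_CAUGHT ? 0 : 1;
}
```

Building it once with -fno-stack-protector and once with -fstack-protector-all shows both outcomes on a GCC or Clang toolchain.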
