Date: Fri, 28 Dec 2007 00:44:34 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> Cc: Gunther Mayer <gunther.mayer@googlemail.com>, freebsd-security@freebsd.org Subject: Re: ProPolice/SSP in 7.0 Message-ID: <20071228004249.C43798@fledge.watson.org> In-Reply-To: <86myrvhht9.fsf@ds4.des.no> References: <477277FF.30504@googlemail.com> <86myrvhht9.fsf@ds4.des.no>
index | next in thread | previous in thread | raw e-mail
On Thu, 27 Dec 2007, Dag-Erling Smørgrav wrote: > Gunther Mayer <gunther.mayer@googlemail.com> writes: >> I've known about ProPolice/SSP for a while now (from the Gentoo world) and >> am aware that FreeBSD 7.0 doesn't yet support it though I know of Jeremy Le >> Hen's patches (http://tataz.chchile.org/~tataz/FreeBSD/SSP/). > > Wrong. FreeBSD 7 has had SSP support since May; the patch you mention just > turns it on by default. You can probably achieve the same effect by adding > -fstack-protector to CFLAGS and COPTFLAGS in make.conf. I'd very much like us to think about turning it on by default -- while stack protection is necessarily imperfect, it is increasingly considered a standard compiler feature to have enabled on operating systems. In fact, I know of relatively few that don't enable it by default... Robert N M Watson Computer Laboratory University of Cambridgehelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071228004249.C43798>