From owner-freebsd-security@FreeBSD.ORG  Thu Jun  5 02:33:38 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 582D237B401
	for <freebsd-security@freebsd.org>;
	Thu,  5 Jun 2003 02:33:38 -0700 (PDT)
Received: from epita.fr (hermes.epita.fr [163.5.255.10])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2562D43FA3
	for <freebsd-security@freebsd.org>;
	Thu,  5 Jun 2003 02:33:37 -0700 (PDT)
	(envelope-from le-hen_j@epita.fr)
Received: from carpediem (carpediem.epita.fr [10.42.42.5])
	by epita.fr id h559XT024600
	Thu, 5 Jun 2003 11:33:29 +0200 (MEST)
Date: Thu, 5 Jun 2003 11:33:28 +0200
From: jeremie le-hen <le-hen_j@epita.fr>
To: Tim Baur <tbaur@panaso.com>
Message-ID: <20030605093328.GD22086@carpediem.epita.fr>
References: <3EDE8ECE.6040400@superig.com.br>
	<0306042122420.58298@neobe.cnanfb.pbz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <0306042122420.58298@neobe.cnanfb.pbz>
User-Agent: Mutt/1.4i
cc: freebsd-security@freebsd.org
Subject: Re: Non-Executable Stack Patch
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jun 2003 09:33:38 -0000

On Wed, Jun 04, 2003 at 09:23:57PM -0700, Tim Baur wrote:
> On Wed, 4 Jun 2003, Tony Meman wrote:
> 
> > I was wondering if there's any non-executable stack patch for
> > FreeBSD's kernel.
> >
> > [...]
> > 
> > I'm not interested in patches for gcc or alikes either.
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> http://www.trl.ibm.com/projects/security/ssp/buildfreebsd.html


>From http://www.trl.ibm.com/projects/security/ssp/ :
<<  What's the stack-smashing protector?
    It is a GCC (Gnu Compiler Collection) extension for protecting
    applications from stack-smashing attacks. Applications written
    in C will be protected by the method that automatically inserts
    protection code into an application at compilation time. >>

I also had a quick look to the patch, and it's clearly GCC which is
mainly modified. A very few kernel source files are changed, in
order to make a panic when a stack overflow occurs within it.

-- 
Jeremie aka TtZ/TataZ
jeremie.le-hen@epita.fr