From owner-freebsd-security@freebsd.org Thu Sep 24 18:27:31 2015 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1AE71A08293 for ; Thu, 24 Sep 2015 18:27:31 +0000 (UTC) (envelope-from pfg@FreeBSD.org) Received: from nm33-vm8.bullet.mail.bf1.yahoo.com (nm33-vm8.bullet.mail.bf1.yahoo.com [72.30.238.198]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C4AEE1640 for ; Thu, 24 Sep 2015 18:27:27 +0000 (UTC) (envelope-from pfg@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1443119081; bh=N2SgLrxY3SbkJnUeWnv2oRy6/t9f0dAkIx9DG07vA60=; h=To:From:Subject:Date:From:Subject; b=OUCDs3DO0MSJJiaeu0ZxmY6nTR2Z6oZvnMItIO6xsxPxvJ6lueBDI3CqXAuhOVWRpLaPLDFPvjhREqWqRl5tivxvL5L2VEEvutdUNg1AN0VxwdOhExeLiOcDcL8S8io5/rXJc+XdnfHYnOE3A/G3ecbnzrVMpI6NudNbLY/zjeyd9cw5Ofaeopnsxd7fSdox/tgSAxXOQLycNOxoi3+pFI/bB5sp5XqT53oz2ipDwAEZESs2gZvHyZ0XIEOXU79tzU1YK/Q33cYH4RJ5WXDx9o+llAtFND6Xm1VRXvSRN5/8jZrar1WE8eAPPwjR3f50CKxtiv9pO75yGiekguJUig== Received: from [66.196.81.174] by nm33.bullet.mail.bf1.yahoo.com with NNFMP; 24 Sep 2015 18:24:41 -0000 Received: from [98.139.211.162] by tm20.bullet.mail.bf1.yahoo.com with NNFMP; 24 Sep 2015 18:24:41 -0000 Received: from [127.0.0.1] by smtp219.mail.bf1.yahoo.com with NNFMP; 24 Sep 2015 18:24:41 -0000 X-Yahoo-Newman-Id: 657907.93606.bm@smtp219.mail.bf1.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: JQtQa2UVM1kwFD4BCn3w54Tksu2AOWkxNMtsNq1LZ1x4xdt IgYezRvaOePVnfs963BpWaaS4DFbidqB2Z0pDxa8IdzulvcHBlYqPPwXRC5s dWuKPpiatfbHzjOZuGksE6Npsvilj49cKhqRJywXJ2uZklibF1jU_PjYZZxm sVJnBAkS.N58xNtZdYsRcq8yZP.XPzR7uu6GNxJ4K_K9eVpMg09NUbQNxY5W lExs2EcEKw.Z8mOQCZC2xWAj36KvFJmRh5LGcH6W9aJbUNnmaf9TUSZCbRTW NJVqCO52_QuHKSGZWa.qlcu5nlvPK1yAOYmVtpcFWX3cZ10c6H3QSCa0tumZ iolkgKHzSxaReDh7AR8Jnw0n5CTuhlZYAUh9EX3dKR3KTdnRZqOVdoKLZouH KKUf5jJxFaszfRzEAmxITb0rivrwbI5pZUnZZS5s7Dc9IbVy8Q8sKjzVbuJK NKTqRfv9n85RVl0QDdK.wyFJiSwGBpc_35gjsHxLCslWQpRyJxaaEkksj_Y4 hXXIoYhj4zANW_cDrPuZRaUXqNABRN_Xj X-Yahoo-SMTP: xcjD0guswBAZaPPIbxpWwLcp9Unf To: freeBSD-security@FreeBSD.org From: Pedro Giffuni Subject: RFC Stack protector strong Message-ID: <56043FEF.7040307@FreeBSD.org> Date: Thu, 24 Sep 2015 13:24:47 -0500 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Mailman-Approved-At: Thu, 24 Sep 2015 19:02:50 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Sep 2015 18:27:31 -0000 (excuse me if you get this message repeated .. I hit the wrong list previously) Hello; Our current stack protection is very weak (about 1-2 % coverage). Google engineers have developed a new level of protection (about 20% coverage) that according to Google and Redhat has a negligible impact on performance. I have opened a code review with a simple update to the default setting for our stack protector: https://reviews.freebsd.org/D3463/ Sadly I haven't received much feedback. I have no hurry to commit this but as stated in the review I think it is worthwhile. I don’t expect any issue, but it would be better to apply this change soonish rather than later so any collateral issues are detected and worked out with ample time before 11-Release. Any objection? If there is no feedback I will just play with other things. Pedro.