Date: Thu, 27 Oct 2005 21:58:42 +0200 From: Jimmy Scott <jimmy@inet-solutions.be> To: db <db@traceroute.dk> Cc: freebsd-security@freebsd.org Subject: Re: Non-executable stack Message-ID: <20051027195842.GA19013@ada.devbox.be> In-Reply-To: <200510271511.36004.db@traceroute.dk> References: <200510270608.51571.db@traceroute.dk> <1130394931.43607533be6d7@webmail.boxke.be> <200510271511.36004.db@traceroute.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Thu, Oct 27, 2005 at 03:11:35PM +0000, db wrote: > On Thursday 27 October 2005 06:35, you wrote: > > > http://www.research.ibm.com/trl/projects/security/ssp/buildfreebsd.html > > > > The patch should be for 5.x in general, I don't use it anymore since some > > ports will break, if you play with it you can disable it by default and > > enable it explicit when you are willing to compile a binary with it. > > Ok thanks, but I was looking for a kernel level patch. Btw which ports will > break? > I did not keep a list, but as far as I remember, the 'pure-pw' binary from pure-ftpd was the last thing that failed. Because it was not visible in first place (the port builded fine), I decided the risk of breaking things without noticing it was not worth it. I don't mean that it's a bad thing, but it will cost you some time to find the bugs, report the bugs and get them fixed. And if you are willing to use it in a production environment, you have to fully test the software eacht time you are upgrading to be sure things will not break. It's also not officially supported as far as I know. Kind regards, Jimmy Scott -- People usually get what's coming to them ... unless it's been mailed. [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (OpenBSD) iD8DBQFDYTFygDLTDEgDPT0RAlh4AJ0ccvAUXpHciDwEM8UEe9fMq8CAPQCeK+lE ExjtwwBMk2F/bkM0iD7HA3E= =6oQq -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051027195842.GA19013>