Date: Thu, 24 Sep 2015 13:24:47 -0500 From: Pedro Giffuni <pfg@FreeBSD.org> To: freeBSD-security@FreeBSD.org Subject: RFC Stack protector strong Message-ID: <56043FEF.7040307@FreeBSD.org>
next in thread | raw e-mail | index | archive | help
(excuse me if you get this message repeated .. I hit the wrong list previously) Hello; Our current stack protection is very weak (about 1-2 % coverage). Google engineers have developed a new level of protection (about 20% coverage) that according to Google and Redhat has a negligible impact on performance. I have opened a code review with a simple update to the default setting for our stack protector: https://reviews.freebsd.org/D3463/ Sadly I haven't received much feedback. I have no hurry to commit this but as stated in the review I think it is worthwhile. I don’t expect any issue, but it would be better to apply this change soonish rather than later so any collateral issues are detected and worked out with ample time before 11-Release. Any objection? If there is no feedback I will just play with other things. Pedro.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?56043FEF.7040307>