Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 4 Jan 2002 04:27:38 -0500 (EST)
From:      Dominick LaTrappe <seraf@2600.COM>
To:        freebsd-security@freebsd.org
Cc:        rob@cyberpunkz.org
Subject:   Re: libsafe?
Message-ID:  <Pine.NEB.4.21.0201040406560.20405-100000@phalse.2600.com>

next in thread | raw e-mail | index | archive | help
> http://www.avayalabs.com/project/libsafe/index.html
> I won't go into details of what this lib does or is since the url above has
> all the information on it.  I however was wondering since someone else had
> asked, if there was any type of a lib or such in freebsd which attempts to
> perform some of the functions that this seems to be attempting to do.

No lib I know of, but there is SSP, the "Stack Smashing Protector," which
is a cross-platform patch to GCC.

  http://www.trl.ibm.co.jp/projects/security/ssp/

The author in May 2001 completed a FreeBSD-specific patch that lets you
"make world" and even build the kernel with the protection, though I've
only tested the former.  Despite this, the FreeBSD camp has seemed
none-too-interested in SSP.

All of my FreeBSD boxes are full-SSP in userland.  The patch applies
cleanly to 4.4-STABLE.  Everything runs smoothly (in-production coming on
8 months), the performance hit is minimal even with heavy database
crunching, and buffer overflow exploits all seem to fail.

	||| Dominick


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.4.21.0201040406560.20405-100000>