Re: realpath(3) et al

From: Mike Hoskins (mike_at_adept.org)
Date: 08/14/03

    Date: Wed, 13 Aug 2003 18:42:23 -0700 (PDT)
    To: security@freebsd.org
    
    

    On Tue, 12 Aug 2003, Peter Jeremy wrote:
    > >Features such as a protected stack should, IMO, be implemented as soon as
    > >possible to keep FreeBSD heads-afloat right now in the security sense....
    > >OpenBSD has implemented this already and there are many patches for Linux to
    > >do the same... why don't we go ahead and shove some of this code into CVS?
    > By "protected" I presume you mean "non-executable". Whilst making the
    > stack non-executable is trivial, making the system still work isn't.
    > I believe the FreeBSD signal handling still relies on a signal
    > trampoline on the stack. Some ports also expect an executable stack
    > (most commonly lisp implementations).

    i'd also just like to add an aside that's probably obvious...

    yes we want security, but we really want to give people options too...
    these sorts of measures can have a performance impact. as such, i feel we
    should always give users the option of turning them off/on via some easy
    to find knob (make.conf/define, kernel, etc.).

    -mrh

    --
    From: "Spam Catcher" <spam-catcher@adept.org>
    To: spam-catcher@adept.org
    Do NOT send email to the address listed above or
    you will be added to a blacklist!
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    
