Re: realpath(3) et al
From: Mike Hoskins (mike_at_adept.org)
Date: Wed, 13 Aug 2003 18:42:23 -0700 (PDT) To: email@example.com
On Tue, 12 Aug 2003, Peter Jeremy wrote:
> >Features such as a protected stack should, IMO, be implemented as soon as
> >possible to keep FreeBSD heads-afloat right now in the security sense....
> >OpenBSD has implemented this already and there are many patches for Linux to
> >do the same... why don't we go ahead and shove some of this code into CVS?
> By "protected" I presume you mean "non-executable". Whilst making the
> stack non-executable is trivial, making the system still work isn't.
> I believe the FreeBSD signal handling still relies on a signal
> trampoline on the stack. Some ports also expect an executable stack
> (most commonly lisp implementations).
i'd also just like to add an aside that's probably obvious...
yes we want security, but we really want to give people options too...
these sorts of measures can have a performance impact. as such, i feel we
should always give users the option of turning them off/on via some easy
to find knob (make.conf/define, kernel, etc.).
-- From: "Spam Catcher" <firstname.lastname@example.org> To: email@example.com Do NOT send email to the address listed above or you will be added to a blacklist! _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "email@example.com"