Re: Integrating ProPolice/SSP into FreeBSD



At 2:49 PM -0400 5/26/06, Kris Kennaway wrote:
On Fri, May 26, 2006, Robert Watson wrote:
>
On Fri, 26 May 2006, Jeremie Le Hen wrote:
>
> > first sorry for cross-posting but I thought this patch
> > might interest -CURRENT users as well as people concerned
> > by security.

This makes the assumption that people running -current are
not interested in security...

> > I wrote a patch that integrates ProPolice/SSP into FreeBSD,
> > one step further than it has been realized so far.
>
> This looks very neat.

Certainly I'd like to see this available to FreeBSD users.
Thanks very much for working on it.

> Could you remind me what, if any, ABI issues might exist?
> I'm familiar with the ideas behind ProPolice, but not the
> implementation. Can I use SSP-compiled libraries with
> pre-SSP applications? Can I use post-SSP applications
> with pre-SSP binaries?

Last time I tried it (several years ago, when I maintained
my own local patch for world integration), backwards binary
compatibility was an issue, i.e. it was possible to hose
your system when trying to revert the changes (since all
rebuilt binaries depend on symbols no longer provided
in libc).

Could we do something to ease in the transition? First add
some kind of stubs for those routines, and then later do
the switch to bring in ProPolice? Or something else like
that?

I should also dust off the ideas I worked on for the 64-bit
time_t change. I was closing in on a way to reliably switch
back-and-forth between kernels which had some incompatible
change.

--
Garance Alistair Drosehn = drosehn@xxxxxxx
Senior Systems Programmer or gad@xxxxxxxxxxx
Rensselaer Polytechnic Institute; Troy, NY; USA
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list