Re: Integrating ProPolice/SSP into FreeBSD

On Fri, 26 May 2006, Kris Kennaway wrote:

On Fri, May 26, 2006 at 07:41:31PM +0100, Robert Watson wrote:

On Fri, 26 May 2006, Jeremie Le Hen wrote:

first sorry for cross-posting but I thought this patch might interest
-CURRENT users as well as people concerned by security.

I wrote a patch that integrates ProPolice/SSP into FreeBSD, one step
further than it has been realized so far.

This looks very neat.

Could you remind me what, if any, ABI issues might exist? I'm familiar
with the ideas behind ProPolice, but not the implementation. Can I use
SSP-compied libraries with pre-SSP applications? Can I use post-SSP
applications with pre-SSP binaries?

Last time I tried it (several years ago, when I maintained my own
local patch for world integration), backwards binary compatibility was
an issue, i.e. it was possible to hose your system when trying to
revert the changes (since all rebuilt binaries all depend on symbols
no longer provided in libc).

As I understand it, the symbols would be added to libc (and stay
there). And with symbol versioning, they would always have to stay
there regardless of whether you build your binaries with or without

A comment to the patch itself... You need to put the added
symbol(s) in one of libc's files or else they
won't be visible when symbol versioning is enabled.

freebsd-security@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"