Re: Integrating ProPolice/SSP into FreeBSD



On Fri, 26 May 2006, Kris Kennaway wrote:

> On Fri, May 26, 2006 at 07:41:31PM +0100, Robert Watson wrote:
>
>> On Fri, 26 May 2006, Jeremie Le Hen wrote:
>>
>>> First, sorry for cross-posting, but I thought this patch might interest
>>> -CURRENT users as well as people concerned by security.
>>>
>>> I wrote a patch that integrates ProPolice/SSP into FreeBSD, one step
>>> further than it has been realized so far.
>>
>> This looks very neat.
>>
>> Could you remind me what, if any, ABI issues might exist? I'm familiar
>> with the ideas behind ProPolice, but not the implementation. Can I use
>> SSP-compiled libraries with pre-SSP applications? Can I use post-SSP
>> applications with pre-SSP binaries?
>
> Last time I tried it (several years ago, when I maintained my own
> local patch for world integration), backwards binary compatibility was
> an issue, i.e. it was possible to hose your system when trying to
> revert the changes (since all rebuilt binaries depend on symbols
> no longer provided in libc).

As I understand it, the symbols would be added to libc (and stay
there). And with symbol versioning, they would always have to stay
there regardless of whether you build your binaries with or without
SSP.

A comment on the patch itself... You need to put the added
symbol(s) in one of libc's Symbol.map files or else they
won't be visible when symbol versioning is enabled.

--
DE