Re: [fbsd] Re: Integrating ProPolice/SSP into FreeBSD



On Fri, May 26, 2006 at 06:35:54PM -0400, Alexander Kabaev wrote:
On Fri, 26 May 2006 17:34:22 +0200
Jeremie Le Hen <jeremie@xxxxxxxxxx> wrote:

Hi,

first sorry for cross-posting but I thought this patch might interest
-CURRENT users as well as people concerned by security.

I wrote a patch that integrates ProPolice/SSP into FreeBSD, one step
further than it has been realized so far.

It is available here :
http://tataz.chchile.org/~tataz/FreeBSD/SSP/

Everything is explained on the web page, but I will repeat some
informations here. The patchset is splitted in two parts to ease the
review of the patch. The -propolice patch is only the original
ProPolice patch for GCC 3.4.4 applied on FreeBSD source tree. The
-freebsd patch contains the glue I have written to make things neat.

The patch exists in both for CURRENT and RELENG_6. Both introduce a
new make.conf(5) (and src.conf(5)) knob to enable stack protection
on a per Makefile basis. It if of course possible to compile your
world with it. Please refer to the web page for more informations.

The patch has been tested and works pretty well. My laptop and my
workstation at work are compiled with SSP : world, kernel and ports,
including X.org.

I hope you will enjoy it.
Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to
"freebsd-security-unsubscribe@xxxxxxxxxxx"

How does this compare to GCC 4.x mudflap feature? I do not plan to
include Propolice patch into base system any time soon and will object
anyone trying to do so due to future maintenance headaches this will
inevitably create. GCC 4.1.1 import is in the works though and should be
available shortly.

I wasn't aware of the mudflap feature. I had a quick look at it
through [1], and it appears mudflap focuses on pointer dereferencement.
ProPolice focuses on stack-based buffer overflows, this is mostly the
same as StackGuard, which is presented in the paper. According to
Wikipedia [2], StackGuard isn't maintained any longuer, while
ProPolice has been merged into GCC 4.1.

I understand you are working on GCC 4.1.1 import and that modifying
contributed sources will be a problem for you, though I must admit I
am not sure to understand the whole pain this creates. I will try to
maintain the patch on my own until GCC 4.1.1 import, so that users
will be able to make the best of ProPolice.

BTW, given that GCC 4.1.1 will contain ProPolice bits, I think I will
be worth having some knobs to turn SSP on or off for the base system.
I have become pretty confident with the build system and problems
that libssp triggers. I would be glad to provide you some of the
glue I have written so far in my patch (the -freebsd part).
Please, let me know if you are interested in this. If your current
work is publicly accessible, I'd be glad if you gave me the URL.

[1] http://gcc.fyxm.net/summit/2003/mudflap.pdf
[2] http://en.wikipedia.org/wiki/ProPolice

Thank you.
Best regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"



Relevant Pages

  • Re: [fbsd] Re: Integrating ProPolice/SSP into FreeBSD
    ... I agree that having the necessary hooks to enable/disable SSP would be ... >> first sorry for cross-posting but I thought this patch might interest ... >> ProPolice patch for GCC 3.4.4 applied on FreeBSD source tree. ...
    (freebsd-current)
  • Re: [fbsd] Re: Integrating ProPolice/SSP into FreeBSD
    ... I agree that having the necessary hooks to enable/disable SSP would be ... >> first sorry for cross-posting but I thought this patch might interest ... >> ProPolice patch for GCC 3.4.4 applied on FreeBSD source tree. ...
    (FreeBSD-Security)
  • Re: [PATCH -v7][RFC]: mutex: implement adaptive spinning
    ... I just ran a sample build for x86-64 with gcc 4.3.0, ... As shown by the delta from Andi's patch, ... inline a higher level of inline functions for the same bogus reason. ... weight of the asm statement... ...
    (Linux-Kernel)
  • Re: [CFT] updated gcc-3.4.0 fixes patch for 2.4.27-pre1
    ... I propose fixing problems that will appear with gcc 3.5, ... Here is a patch for the few places I got hit at. ... pci_set_drvdata(pci_dev, dev); ... send the line "unsubscribe linux-kernel" in ...
    (Linux-Kernel)
  • Re: sshd broken with UsePrivilegeSeparation=yes on sparc64
    ... So, obviously a gcc bug. ... Subject: HEADS-UP: gcc-4.2 import appears to miscompile libm. ... Ths patch fixes the problem. ... it is a code bug. ...
    (freebsd-current)