Re: [fbsd] Integrating ProPolice/SSP into FreeBSD



Hi list,

I haven't got much feedback so far. I would be glad if any people
who have been using this patch told me if they have been faced with
some problems.

Thank you
Regards,
Jeremie

On Fri, May 26, 2006 at 05:34:22PM +0200, Jeremie Le Hen wrote:
Hi,

First, sorry for cross-posting, but I thought this patch might interest
-CURRENT users as well as people concerned by security.

I wrote a patch that integrates ProPolice/SSP into FreeBSD, one step
further than it has been realized so far.

It is available here:
http://tataz.chchile.org/~tataz/FreeBSD/SSP/

Everything is explained on the web page, but I will repeat some
information here. The patchset is split into two parts to ease the
review of the patch. The -propolice patch is only the original
ProPolice patch for GCC 3.4.4 applied on FreeBSD source tree. The
-freebsd patch contains the glue I have written to make things neat.

The patch exists for both CURRENT and RELENG_6. Both introduce a
new make.conf(5) (and src.conf(5)) knob to enable stack protection
on a per Makefile basis. It is of course possible to compile your
world with it. Please refer to the web page for more information.

The patch has been tested and works pretty well. My laptop and my
workstation at work are compiled with SSP: world, kernel and ports,
including X.org.

I hope you will enjoy it.
Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >