Re: [fbsd] Integrating ProPolice/SSP into FreeBSD



Jeremie Le Hen wrote:
Hi list,

I haven't got much feedback so far. I would be glad if any people
who have been using this patch told me if they have been faced with
some problems.

Thank you
Regards,
Jeremie

On Fri, May 26, 2006 at 05:34:22PM +0200, Jeremie Le Hen wrote:
Hi,

First, sorry for cross-posting, but I thought this patch might interest
-CURRENT users as well as people concerned by security.

I wrote a patch that integrates ProPolice/SSP into FreeBSD, one step
further than it has been realized so far.

It is available here:
http://tataz.chchile.org/~tataz/FreeBSD/SSP/

Everything is explained on the web page, but I will repeat some
information here. The patchset is split in two parts to ease the
review of the patch. The -propolice patch is only the original
ProPolice patch for GCC 3.4.4 applied on FreeBSD source tree. The
-freebsd patch contains the glue I have written to make things neat.

The patch exists for both CURRENT and RELENG_6. Both introduce a
new make.conf(5) (and src.conf(5)) knob to enable stack protection
on a per-Makefile basis. It is of course possible to compile your
world with it. Please refer to the web page for more information.
The patch has been tested and works pretty well. My laptop and my
workstation at work are compiled with SSP: world, kernel and ports,
including X.org.

I hope you will enjoy it.
Regards,

Been using this since you announced it here, no problems at all. 6.1-STABLE, kernel, ports, world built with SSP.

Best regards,

Hugo