Re: ProPolice/SSP in 7.0




On Thu, 27 Dec 2007, Dag-Erling Smørgrav wrote:

> Gunther Mayer <gunther.mayer@xxxxxxxxxxxxxx> writes:
>> I've known about ProPolice/SSP for a while now (from the Gentoo world) and am aware that FreeBSD 7.0 doesn't yet support it though I know of Jeremy Le Hen's patches (http://tataz.chchile.org/~tataz/FreeBSD/SSP/).
>
> Wrong. FreeBSD 7 has had SSP support since May; the patch you mention just turns it on by default. You can probably achieve the same effect by adding -fstack-protector to CFLAGS and COPTFLAGS in make.conf.

I'd very much like us to think about turning it on by default -- while stack protection is necessarily imperfect, it is increasingly considered a standard compiler feature to have enabled on operating systems. In fact, I know of relatively few that don't enable it by default...

Robert N M Watson
Computer Laboratory
University of Cambridge
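
A way to check that the -fstack-protector flag discussed in the message above actually took effect, as an added example that is not part of the original thread. It assumes a GCC- or Clang-style `cc` and `nm` on the path; the helper names `has_ssp` and `build_and_check` and the test source file are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that -fstack-protector instrumented an object file.
# GCC's SSP makes protected functions call __stack_chk_fail when the canary
# is damaged, so a reference to that symbol shows the flag took effect.

# has_ssp FILE: exit status 0 if FILE references __stack_chk_fail.
has_ssp() {
    nm "$1" 2>/dev/null | grep -q '__stack_chk_fail'
}

# build_and_check FLAG: compile a constructed test file with FLAG and print
# "protected", "unprotected" or "build-failed".
build_and_check() {
    dir=$(mktemp -d) || return 1
    # Constructed sample: a local char array is what SSP looks for.
    cat > "$dir/t.c" <<'EOF'
#include <stdio.h>
void show(const char *s)
{
    char buf[64];
    snprintf(buf, sizeof buf, "%s", s);
    puts(buf);
}
EOF
    # -c stops before linking, so only the compiler's output is inspected.
    if ! cc -O0 "$1" -c "$dir/t.c" -o "$dir/t.o" 2>/dev/null; then
        result=build-failed
    elif has_ssp "$dir/t.o"; then
        result=protected
    else
        result=unprotected
    fi
    rm -rf "$dir"
    echo "$result"
}

for flag in -fstack-protector -fno-stack-protector; do
    printf '%s: %s\n' "$flag" "$(build_and_check "$flag")"
done
```

Plain -fstack-protector only instruments functions that have a local character buffer (or call alloca), so an object file with no such function legitimately reports unprotected.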