Date: Sat, 7 Jun 2003 17:59:27 -0700 From: David Schultz <das@FreeBSD.ORG> To: Erik Paulsen Skaalerud <erik@pentadon.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Non-Executable Stack Patch Message-ID: <20030608005927.GA39301@HAL9000.homeunix.com> In-Reply-To: <003601c32b48$106ec380$0a00000a@eps> References: <0306042122420.58298@neobe.cnanfb.pbz> <003601c32b48$106ec380$0a00000a@eps>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jun 05, 2003, Erik Paulsen Skaalerud wrote: > > From: owner-freebsd-security@freebsd.org > > [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Tim Baur > > Sent: Thursday, June 05, 2003 6:24 AM > > To: freebsd-security@freebsd.org > > On Wed, 4 Jun 2003, Tony Meman wrote: > > > I was wondering if there's any non-executable stack patch for > > > FreeBSD's kernel. > >http://www.trl.ibm.com/projects/security/ssp/buildfreebsd.html > > > >-tbaur > > Can anyone here share their experiences with this patch? I've heard very > little talk about it really, I'm looking for others oppinions before I try > to patch gcc with this. Any major slowdowns on the userland? And if its > major, how much? The original StackGuard implementation had massive overhead: several orders of magnitude for common programs. It looks like the fellows at IBM have managed to do significantly better: http://www.trl.ibm.com/projects/security/ssp/node5.html I personally am not particularly interested in a fix that makes buffer overflows harder to exploit, given that buffer overflows constitute a problem that can be completely solved without the same performance loss by switching to a safer language. Nevertheless, there's enough useful C code out there that this could be useful. It would be cool to have as an optional part of FreeBSD, assuming we wouldn't have to maintain massive diffs against gcc or something. (gcc uses this by default now, right?)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030608005927.GA39301>