Date:      Fri, 26 May 2006 15:08:03 -0400
From:      Garance A Drosehn <gad@FreeBSD.org>
To:        Kris Kennaway <kris@obsecurity.org>, Robert Watson <rwatson@FreeBSD.org>
Cc:        freebsd-security@FreeBSD.org, Jeremie Le Hen <jeremie@le-hen.org>
Subject:   Re: Integrating ProPolice/SSP into FreeBSD
Message-ID:  <p06230901c09d0033296c@[128.113.24.47]>
In-Reply-To: <20060526184919.GA69830@xor.obsecurity.org>
References:  <20060526153422.GB25953@obiwan.tataz.chchile.org> <20060526193048.Y77521@fledge.watson.org> <20060526184919.GA69830@xor.obsecurity.org>

At 2:49 PM -0400 5/26/06, Kris Kennaway wrote:
>On Fri, May 26, 2006, Robert Watson wrote:
>  >
>>  On Fri, 26 May 2006, Jeremie Le Hen wrote:
>>  >
>  > > first sorry for cross-posting but I thought this patch
>  > > might interest -CURRENT users as well as people concerned
>  > > by security.

This makes the assumption that people running -current are
not interested in security...

>  > > I wrote a patch that integrates ProPolice/SSP into FreeBSD,
>  > > one step further than it has been realized so far.
>  >
>  > This looks very neat.

Certainly I'd like to see this available to FreeBSD users.
Thanks very much for working on it.

>  > Could you remind me what, if any, ABI issues might exist?
>  > I'm familiar with the ideas behind ProPolice, but not the
>  > implementation.  Can I use SSP-compiled libraries with
>  > pre-SSP applications?  Can I use post-SSP applications
>  > with pre-SSP binaries?
>
>Last time I tried it (several years ago, when I maintained
>my own local patch for world integration), backwards binary
>compatibility was an issue, i.e. it was possible to hose
>your system when trying to revert the changes (since all
>rebuilt binaries depend on symbols no longer provided
>in libc).

Could we do something to ease in the transition?  First add
some kind of stubs for those routines, and then later do
the switch to bring in ProPolice?  Or something else like
that?

I should also dust off the ideas I worked on for the 64-bit
time_t change.  I was closing in on a way to reliably switch
back-and-forth between kernels which had some incompatible
change.

-- 
Garance Alistair Drosehn     =               drosehn@rpi.edu
Senior Systems Programmer               or   gad@FreeBSD.org
Rensselaer Polytechnic Institute;             Troy, NY;  USA


