Date:      Tue, 25 Dec 2007 16:38:54 +0200
From:      Gunther Mayer <gunther.mayer@googlemail.com>
To:        freebsd-security@freebsd.org
Subject:   ProPolice/SSP in 7.0
Message-ID:  <477115FE.2070705@gmail.com>

Hi there,

I'm still running 6.2 on various servers without any tweaks (GENERIC 
kernel, binary updates via freebsd-update etc.) but lots of ports 
(apache, postgresql, diablo-jdk etc.) and would like to use stack 
smashing protection in order to harden my boxes and avoid many potential 
exploits.

I've known about ProPolice/SSP for a while now (from the Gentoo world) 
and am aware that FreeBSD 7.0 doesn't yet support it though I know of 
Jeremy Le Hen's patches (http://tataz.chchile.org/~tataz/FreeBSD/SSP/). 
Some time after 7.0 is released I'd like to upgrade and apply SSP 
throughout kernel, userland and ports while I'm at it. However, being an 
unsupported patchset and all, I have some concerns which I'd like some 
feedback on well before I embark on this project:

   1. Will FreeBSD ever support SSP natively?
   2. How good is the kernel patch and how many people out there are
      using it?
   3. Does using the kernel and userland patch mean that I am eternally
      stuck to compiling from source if I want to keep SSP on all the
      time (gone are the days of freebsd-update luxury)?
   4. What's the story with libssp? Jeremy reckons that it's a lost
      cause and causes more trouble than it's worth. Yet libssp seems to
      be the only thing that is actually fully integrated in 7.0.

Gunther


