Date: Fri, 28 Dec 2007 00:44:34 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> Cc: Gunther Mayer <gunther.mayer@googlemail.com>, freebsd-security@freebsd.org Subject: Re: ProPolice/SSP in 7.0 Message-ID: <20071228004249.C43798@fledge.watson.org> In-Reply-To: <86myrvhht9.fsf@ds4.des.no> References: <477277FF.30504@googlemail.com> <86myrvhht9.fsf@ds4.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --621616949-1225384271-1198802674=:43798 Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: QUOTED-PRINTABLE On Thu, 27 Dec 2007, Dag-Erling Sm=F8rgrav wrote: > Gunther Mayer <gunther.mayer@googlemail.com> writes: >> I've known about ProPolice/SSP for a while now (from the Gentoo world) a= nd=20 >> am aware that FreeBSD 7.0 doesn't yet support it though I know of Jeremy= Le=20 >> Hen's patches (http://tataz.chchile.org/~tataz/FreeBSD/SSP/). > > Wrong. FreeBSD 7 has had SSP support since May; the patch you mention ju= st=20 > turns it on by default. You can probably achieve the same effect by addi= ng=20 > -fstack-protector to CFLAGS and COPTFLAGS in make.conf. I'd very much like us to think about turning it on by default -- while stac= k=20 protection is necessarily imperfect, it is increasingly considered a standa= rd=20 compiler feature to have enabled on operating systems. In fact, I know of= =20 relatively few that don't enable it by default... Robert N M Watson Computer Laboratory University of Cambridge --621616949-1225384271-1198802674=:43798--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071228004249.C43798>