Date: Tue, 08 Jan 2002 12:41:33 +1100 From: Andrew Johns <johnsa@kpi.com.au> To: hawkeyd@visi.com Cc: security at FreeBSD <freebsd-security@FreeBSD.ORG> Subject: Re: GCC stack-smashing extension Message-ID: <3C3A4E4D.3A05B029@kpi.com.au> References: <20020107091948.A4096@sheol.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
D J Hawkey Jr wrote: > > Hey, all, > > I recently stumbled across the web page for the GCC stack-smashing > extension (http://www.trl.ibm.com/projects/security/ssp/): > > - Anyone have any experience with it, good, bad, or otherwise? Yes - on 4.4 - I had to manually apply the patch to it however as the patch was for an earlier version. CVSup killed it the first time, so you'll need to maintain your own CVS repo's in order to keep it. I tested it with a known exploit and the process was killed and an entry written to syslog. Of course, it won't protect you from heap or data/bss overflows, however. See here for more on this: http://www.w00w00.org/files/heaptut/heaptut.txt Cheers -- AJ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3C3A4E4D.3A05B029>