From owner-freebsd-security Mon Jan 7 17:42: 7 2002 Delivered-To: freebsd-security@freebsd.org Received: from www.kpi.com.au (www.kpi.com.au [203.39.132.210]) by hub.freebsd.org (Postfix) with ESMTP id 8CA6637B404 for ; Mon, 7 Jan 2002 17:42:00 -0800 (PST) Received: from kpi.com.au (arbiter-int.kpi.com.au [203.39.132.209]) by www.kpi.com.au (8.9.3/8.9.3) with ESMTP id MAA40701; Tue, 8 Jan 2002 12:49:30 +1100 (EST) (envelope-from johnsa@kpi.com.au) Message-ID: <3C3A4E4D.3A05B029@kpi.com.au> Date: Tue, 08 Jan 2002 12:41:33 +1100 From: Andrew Johns X-Mailer: Mozilla 4.7 [en-gb] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: hawkeyd@visi.com Cc: security at FreeBSD Subject: Re: GCC stack-smashing extension References: <20020107091948.A4096@sheol.localdomain> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org D J Hawkey Jr wrote: > > Hey, all, > > I recently stumbled across the web page for the GCC stack-smashing > extension (http://www.trl.ibm.com/projects/security/ssp/): > > - Anyone have any experience with it, good, bad, or otherwise? Yes - on 4.4 - I had to manually apply the patch to it however as the patch was for an earlier version. CVSup killed it the first time, so you'll need to maintain your own CVS repo's in order to keep it. I tested it with a known exploit and the process was killed and an entry written to syslog. Of course, it won't protect you from heap or data/bss overflows, however. See here for more on this: http://www.w00w00.org/files/heaptut/heaptut.txt Cheers -- AJ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message