Date: Mon, 29 Oct 2001 13:25:04 -0800
From: Kris Kennaway
To: Luc
Cc: freebsd-security@freebsd.org, Krzysztof Zaraska
Subject: Re: BUFFER OVERFLOW EXPLOITS
Message-ID: <20011029132504.A98067@xor.obsecurity.org>
In-Reply-To: <3BDD11C8.4746A7BD@2113.ch>

On Mon, Oct 29, 2001 at 09:22:33AM +0100, Luc wrote:
> Hello,
>
> > Is this programming, compiler or compiling options error?
> > How to avoid this problem in practice (writing programs)?
>
> Can one confirm we may prevent FreeBSD buffer overflow
> using this document:
>
> "GCC extension for protecting applications from stack-smashing attacks"
> http://www.trl.ibm.com/projects/security/ssp/
>
> Why isn't FreeBSD built with such extension (by default)?

Because it can cause problems for certain things. The main one I've
found is XFree86, which will fail to run if you build it with
-fstack-protector. I think it's overriding CFLAGS in parts of the
build, which means that certain things aren't being compiled with
-fstack-protector and fail to link at runtime as a result. I also
found a spurious failure in another application which would cause it
to hit the overflow trap even though nothing was apparently
overflowing.

Also note that it does not provide complete protection against buffer
overflows and other code-based security flaws, and is therefore only a
partial solution to the problem (a useful one nonetheless).

For the most part it works well though, and I compile two of my
systems with it.

Kris
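
The point above that -fstack-protector is only a partial solution, shown as an added example (not part of the original message or of the SSP project's code): the guard is checked when a function returns, so a write that stays inside a single object never disturbs it. `struct account`, `load_unsafe` and `load_checked` are hypothetical names, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical record: the flag sits right after the buffer, inside the
 * same object. */
struct account {
    char name[16];
    int  is_admin;
};

/* Flawed bound: the length is checked against the whole struct instead of
 * the name field. The copy stays inside the object, so the stack guard is
 * never overwritten and the overflow trap never fires. */
int load_unsafe(const unsigned char *in, size_t len)
{
    struct account acct;
    memset(&acct, 0, sizeof acct);
    if (len > sizeof acct)              /* wrong limit */
        return -1;
    memcpy(&acct, in, len);             /* can run on into is_admin */
    return acct.is_admin != 0;
}

/* Corrected bound: reject anything that does not fit the field. */
int load_checked(const unsigned char *in, size_t len)
{
    struct account acct;
    memset(&acct, 0, sizeof acct);
    if (len >= sizeof acct.name)        /* leave room for the terminator */
        return -1;
    memcpy(acct.name, in, len);
    return acct.is_admin != 0;
}

int main(void)
{
    /* Constructed input: enough nonzero bytes to fill the whole struct. */
    unsigned char in[sizeof(struct account)];
    memset(in, 'A', sizeof in);

    printf("unsafe, full struct:  is_admin=%d\n", load_unsafe(in, sizeof in));
    printf("checked, full struct: rc=%d\n", load_checked(in, sizeof in));
    printf("checked, 8 bytes:     is_admin=%d\n", load_checked(in, 8));
    return 0;
}
```

Built with or without -fstack-protector, `load_unsafe` reports the flag as set for the oversized input and no overflow trap is hit; only the corrected length check prevents it.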