From owner-freebsd-security  Mon Oct 29  0:22:44 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.net2000.ch (mail.net2000.ch [62.2.252.229])
	by hub.freebsd.org (Postfix) with ESMTP id 5567737B401
	for <freebsd-security@freebsd.org>; Mon, 29 Oct 2001 00:22:39 -0800 (PST)
Received: from 2113.ch ([193.247.254.13]) by mail.net2000.ch
          (Netscape Messaging Server 3.5)  with ESMTP id AAAF08;
          Mon, 29 Oct 2001 09:20:03 +0100
Message-ID: <3BDD11C8.4746A7BD@2113.ch>
Date: Mon, 29 Oct 2001 09:22:33 +0100
From: Luc <luc@2113.ch>
Reply-To: luc@2113.ch
X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-security@freebsd.org
Cc: Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>
Subject: Re: BUFFER OVERFLOW EXPLOITS
References: <Pine.BSF.4.21.0110281500030.6086-100000@lhotse.zaraska.dhs.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hello,

> Is this programming, compiler or compiling options error?
> How to avoid this problem on practice (writing programs)?

Can one confirm we may prevent FreeBSD buffer overflow 
using this document:

"GCC extension for protecting applications from stack-smashing attacks"
http://www.trl.ibm.com/projects/security/ssp/

Why isn't FreeBSD built with such extension (by default) ?

Thanks all
Luc

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message