Date: Tue, 12 Aug 2003 13:59:51 +0200 From: "Devon H. O'Dell" <dodell@sitetronics.com> To: "'Jason Stone'" <freebsd-security@dfmm.org>, <security@freebsd.org> Subject: RE: realpath(3) et al Message-ID: <006601c360c9$3c9cfc40$9f8d2ed5@internal> In-Reply-To: <20030812042912.V3417@walter>
next in thread | previous in thread | raw e-mail | index | archive | help
In any case, IBM has a stack smashing protection patch for GCC 3.3 on FreeBSD 4.8 available at http://www.trl.ibm.com/projects/security/ssp/buildfreebsd.html (the description page is at http://www.trl.ibm.com/projects/security/ssp/). = It currently works in the latest cvsupped source from 5.1 as well (I've = built and tested it). Kind regards, Devon H. O'Dell Systems and Network Engineer Simpli, Inc. Web Hosting http://www.simpli.biz > -----Oorspronkelijk bericht----- > Van: owner-freebsd-security@freebsd.org [mailto:owner-freebsd- > security@freebsd.org] Namens Jason Stone > Verzonden: Tuesday, August 12, 2003 1:40 PM > Aan: security@freebsd.org > Onderwerp: RE: realpath(3) et al >=20 > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 >=20 >=20 > > Protecting against stack smashing is quite important; I think many > > hosting environments not using LISP or other = executable-stack-reliant > > packages would benefit from this. By negating the ability to execute > > injected code through a buffer overflow, security is highly = increased. >=20 > I think that this topic has come up before on the list - please check = the > archives before you get into it again. >=20 > I think that the consensus has been something along the lines of, it = would > be nice, _but_: >=20 > 1) It requires ugly tricks to implement on i386; > 2) It does not canonically stop the exploitation of buffer overruns - > yes, it stops the current attacks, but the underlying problem that = an > attacker can change the flow of program execution remains; > 3) It would break a whole bunch of stuff. >=20 >=20 > -Jason >=20 > = -------------------------------------------------------------------------= > - > Freud himself was a bit of a cold fish, and one cannot avoid the > suspicion > that he was insufficiently fondled when he was an infant. > -- Ashley Montagu > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.1 (FreeBSD) > Comment: See https://private.idealab.com/public/jason/jason.gpg >=20 > iD8DBQE/ONIbswXMWWtptckRAmeWAKCR0+gKO1TeBncCaIzGaz0OuIaEnwCgpe7u > o6iRC44JMJe86lhPj7CqdEg=3D > =3DijiO > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security- > unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?006601c360c9$3c9cfc40$9f8d2ed5>