Date:      Fri, 18 Apr 2008 18:58:59 +0200
From:      Jeremie Le Hen <jeremie@le-hen.org>
To:        Marcel Moolenaar <xcllnt@mac.com>
Cc:        freebsd-arch@FreeBSD.org
Subject:   Re: Integration of ProPolice in FreeBSD
Message-ID:  <20080418165859.GD4840@obiwan.tataz.chchile.org>
In-Reply-To: <A9207463-477A-458C-A706-A55AA90DEE7A@mac.com>
References:  <20080418132749.GB4840@obiwan.tataz.chchile.org> <A9207463-477A-458C-A706-A55AA90DEE7A@mac.com>

Hi Marcel,

On Fri, Apr 18, 2008 at 08:52:42AM -0700, Marcel Moolenaar wrote:
> > The build infrastructure overlord, namely ru@, (I'm quoting kan@) has
> > reviewed the patch and technically it is ready to hit the CVS tree.
> >
> > A few things should be discussed beforehand though.
> >
> > First, should we build world and/or kernel with SSP by default?
> 
>  Really, first is: what platforms does this apply to and/or have
>  you tested this on?

The patch enables SSP for all archs.  Unfortunately I've not been able
to test it myself on any arch other than i386, but two years ago I got
successful feedback from Pascal Hofstee on amd64.  ISTR there was a
sparc64 user too, but I'm not sure.

This should theoretically work for all archs as, from what I've read,
ProPolice takes place at the intermediate representation level of the
compiler.  This should therefore be architecture agnostic.

> > I would like to reach a consensus on whether SSP should be opt-in or
> > opt-out on FreeBSD.
> 
>  That depends: what's the benefit of ProPolice on ia64?
>
>  Also: please provide references to ProPolice.

I think the original author's website will explain things better than
me :-).
    http://www.trl.ibm.com/projects/security/ssp/

Basically, a "canary" is randomly chosen when the program starts (this
part lives in libc).  GCC inserts code in the prologue and epilogue of all
functions that contain a buffer of 8 or more bytes.  In the prologue,
the canary is pushed on the stack right after the return value has been
pushed, and this value is then checked in the function epilogue.  If the
value in the stack has changed, there has been a buffer overflow.

ProPolice was originally a patch against gcc2 and gcc3, but it has
been integrated into GCC 4.1 IIRC.

I hope this answers your concerns.
Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
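
The canary check described in the message above, modelled on a simulated stack frame. This is an example added here, not code from the message's author, GCC or FreeBSD; the frame layout, the names guard_setup and guarded_copy, and all sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated frame as a byte array, lowest address first (layout is assumed):
 * [ buf: 16 bytes ][ canary: 8 bytes ][ saved return address: 8 bytes ] */
enum { BUF_OFF = 0, CANARY_OFF = 16, RET_OFF = 24, FRAME_SIZE = 32 };
#define SAVED_RET 0x1122334455667788ULL   /* constructed sample value */
static uint64_t process_canary;           /* chosen once at program start */

void guard_setup(uint64_t value) { process_canary = value; }

/* Copies n bytes into the frame's buffer with no bounds check, then runs the
 * epilogue check. Returns 1 if the canary changed, 0 otherwise; *ret_seen
 * receives the saved return address as it reads after the copy. */
int guarded_copy(const unsigned char *input, size_t n, uint64_t *ret_seen)
{
    unsigned char frame[FRAME_SIZE] = {0};
    const uint64_t ret = SAVED_RET;
    uint64_t canary_seen;

    /* Prologue: return address first, then the canary just below it. */
    memcpy(frame + RET_OFF, &ret, sizeof ret);
    memcpy(frame + CANARY_OFF, &process_canary, sizeof process_canary);

    /* Body: the unchecked copy. Clamped to the simulated frame so the demo
     * itself never writes outside its own array. */
    if (n > FRAME_SIZE) n = FRAME_SIZE;
    memcpy(frame + BUF_OFF, input, n);

    /* Epilogue: compare the stack copy against the process-wide value. */
    memcpy(&canary_seen, frame + CANARY_OFF, sizeof canary_seen);
    memcpy(ret_seen, frame + RET_OFF, sizeof *ret_seen);
    return canary_seen != process_canary;
}

int main(void)
{
    unsigned char input[FRAME_SIZE];
    size_t sizes[] = { 16, 20, 32 };
    uint64_t ret;
    memset(input, 'A', sizeof input);
    guard_setup(0x00c0ffee5a17d00dULL);   /* constructed; real one is random */
    for (size_t i = 0; i < 3; i++) {
        int hit = guarded_copy(input, sizes[i], &ret);
        printf("%2zu bytes: canary %s, saved return %s\n", sizes[i],
               hit ? "changed" : "intact", ret == SAVED_RET ? "intact" : "changed");
    }
    return 0;
}
```

A 16-byte copy fits the buffer and passes the check; a 20-byte copy already trips it, because the canary sits between the buffer and the saved return address and is overwritten first.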


