41 messages in org.freebsd.freebsd-archIntegration of ProPolice in FreeBSD| From | Sent On | Attachments |
|---|---|---|
| Jeremie Le Hen | Apr 18, 2008 1:48 pm | |
| Antoine Brodin | Apr 18, 2008 3:03 pm | |
| Marcel Moolenaar | Apr 18, 2008 3:52 pm | |
| Jeremie Le Hen | Apr 18, 2008 4:47 pm | |
| Jeremie Le Hen | Apr 18, 2008 5:28 pm | |
| Max Laier | Apr 18, 2008 5:48 pm | |
| Marcel Moolenaar | Apr 18, 2008 6:46 pm | |
| Marcel Moolenaar | Apr 18, 2008 7:20 pm | |
| Jeremie Le Hen | Apr 18, 2008 11:35 pm | |
| Steve Kargl | Apr 19, 2008 12:17 am | |
| Garance A Drosehn | Apr 19, 2008 12:37 am | |
| Garance A Drosehn | Apr 19, 2008 12:44 am | |
| Garance A Drosehn | Apr 19, 2008 12:59 am | |
| Garance A Drosehn | Apr 19, 2008 1:23 am | |
| Peter Jeremy | Apr 19, 2008 7:13 am | |
| Jeremie Le Hen | Apr 19, 2008 1:04 pm | |
| Jeremie Le Hen | Apr 19, 2008 1:15 pm | |
| Jeremie Le Hen | Apr 19, 2008 1:56 pm | |
| Steve Kargl | Apr 19, 2008 3:56 pm | |
| Jeremie Le Hen | Apr 19, 2008 4:01 pm | |
| Garance A Drosehn | Apr 19, 2008 6:47 pm | |
| Mark Linimon | Apr 19, 2008 9:24 pm | |
| Ed Schouten | Apr 20, 2008 9:58 am | |
| Antoine Brodin | Apr 20, 2008 10:20 am | |
| Jeremie Le Hen | Apr 23, 2008 1:19 pm | |
| John Baldwin | Apr 23, 2008 2:03 pm | |
| Jeremie Le Hen | Apr 23, 2008 2:36 pm | |
| John Baldwin | Apr 23, 2008 7:54 pm | |
| Antoine Brodin | Apr 23, 2008 8:25 pm | |
| David O'Brien | Apr 27, 2008 1:58 am | |
| Jeremie Le Hen | May 2, 2008 7:03 am |  .diff |
| Marcel Moolenaar | May 2, 2008 3:52 pm | |
| David O'Brien | May 4, 2008 4:00 am | |
| Jeremie Le Hen | May 5, 2008 9:13 pm | |
| Jeremie Le Hen | May 14, 2008 9:13 am | |
| Jeremie Le Hen | Jun 9, 2008 8:13 pm | .diff |
| Kris Kennaway | Jun 24, 2008 10:27 pm | |
| Kris Kennaway | Jun 24, 2008 11:12 pm | |
| Jeremie Le Hen | Jun 25, 2008 9:30 am | |
| Kris Kennaway | Jun 25, 2008 12:01 pm | |
| Robert Watson | Jun 26, 2008 12:13 pm |
| Subject: | Integration of ProPolice in FreeBSD | |
|---|---|---|
| From: | Marcel Moolenaar (xcl...@mac.com) | |
| Date: | Apr 18, 2008 7:20:45 pm | |
| List: | org.freebsd.freebsd-arch | |
On Apr 18, 2008, at 10:45 AM, Max Laier wrote:
On Friday 18 April 2008 15:27:49 Jeremie Le Hen wrote:
Hi,
As you may already know I've integrated GCC's ProPolice into FreeBSD. The build infrastructure overlord, namely ru@, (I'm quoting kan@) has reviewed the patch and technically it is ready to hit the CVS tree.
A few things should be discussed beforehand though.
First, should we build world and/or kernel with SSP by default? I've scamped a trivial benchmark back in 2006: timing buildworld with and without SSP. You can found the result on my webpage: http://tataz.chchile.org/~tataz/FreeSBD/SSP/#section1
404 :-\
Also, the original ProPolice author achieved a thorough performance comparison with and without SSP, and the overhead is really small: http://www.trl.ibm.com/projects/security/ssp/node5.html I would like to reach a consensus on whether SSP should be opt-in or opt-out on FreeBSD.
Another concern that Robert Watson showed back in 2006 [1] when I brought forward my patch was the compatibility between pre-SSP and post-SSP binaries/libraries.
I'll try to make it simple and short. SSP requires two additional symbols that are kindly provided by libc. Any binary or library compiled with SSP will require them. As long as your libc contains the symbols, you can smoothly run pre-SSP applications with post-SSP libs as well as the other way around.
Also Kris explained [2] that once applied, it is painful to try to revert the change (removing SSP symbols from libc). This is true but once the patch gets committed, it should hopefully never happen.
So I'd suggest something along the lines of:
1) Add the needed support symbols to libc (they don't hurt anyone, right?)
autoconf?
With tools like autoconf, I'm much less inclined to say that some unused symbol, library, header or whatever is harmless. I've turned into a "if we don't use it, don't add/keep it" person :-)
-- Marcel Moolenaar xcl...@mac.com