atom feed41 messages in org.freebsd.freebsd-archIntegration of ProPolice in FreeBSD
FromSent OnAttachments
Jeremie Le HenApr 18, 2008 1:48 pm 
Antoine BrodinApr 18, 2008 3:03 pm 
Marcel MoolenaarApr 18, 2008 3:52 pm 
Jeremie Le HenApr 18, 2008 4:47 pm 
Jeremie Le HenApr 18, 2008 5:28 pm 
Max LaierApr 18, 2008 5:48 pm 
Marcel MoolenaarApr 18, 2008 6:46 pm 
Marcel MoolenaarApr 18, 2008 7:20 pm 
Jeremie Le HenApr 18, 2008 11:35 pm 
Steve KarglApr 19, 2008 12:17 am 
Garance A DrosehnApr 19, 2008 12:37 am 
Garance A DrosehnApr 19, 2008 12:44 am 
Garance A DrosehnApr 19, 2008 12:59 am 
Garance A DrosehnApr 19, 2008 1:23 am 
Peter JeremyApr 19, 2008 7:13 am 
Jeremie Le HenApr 19, 2008 1:04 pm 
Jeremie Le HenApr 19, 2008 1:15 pm 
Jeremie Le HenApr 19, 2008 1:56 pm 
Steve KarglApr 19, 2008 3:56 pm 
Jeremie Le HenApr 19, 2008 4:01 pm 
Garance A DrosehnApr 19, 2008 6:47 pm 
Mark LinimonApr 19, 2008 9:24 pm 
Ed SchoutenApr 20, 2008 9:58 am 
Antoine BrodinApr 20, 2008 10:20 am 
Jeremie Le HenApr 23, 2008 1:19 pm 
John BaldwinApr 23, 2008 2:03 pm 
Jeremie Le HenApr 23, 2008 2:36 pm 
John BaldwinApr 23, 2008 7:54 pm 
Antoine BrodinApr 23, 2008 8:25 pm 
David O'BrienApr 27, 2008 1:58 am 
Jeremie Le HenMay 2, 2008 7:03 am.diff
Marcel MoolenaarMay 2, 2008 3:52 pm 
David O'BrienMay 4, 2008 4:00 am 
Jeremie Le HenMay 5, 2008 9:13 pm 
Jeremie Le HenMay 14, 2008 9:13 am 
Jeremie Le HenJun 9, 2008 8:13 pm.diff
Kris KennawayJun 24, 2008 10:27 pm 
Kris KennawayJun 24, 2008 11:12 pm 
Jeremie Le HenJun 25, 2008 9:30 am 
Kris KennawayJun 25, 2008 12:01 pm 
Robert WatsonJun 26, 2008 12:13 pm 
Subject:Integration of ProPolice in FreeBSD
From:Antoine Brodin (anto@FreeBSD.org)
Date:Apr 18, 2008 3:03:41 pm
List:org.freebsd.freebsd-arch

On Fri, Apr 18, 2008 at 3:27 PM, Jeremie Le Hen <jere@le-hen.org> wrote:

Hi,

As you may already know I've integrated GCC's ProPolice into FreeBSD. The build infrastructure overlord, namely ru@, (I'm quoting kan@) has reviewed the patch and technically it is ready to hit the CVS tree.

A few things should be discussed beforehand though.

First, should we build world and/or kernel with SSP by default? I've scamped a trivial benchmark back in 2006: timing buildworld with and without SSP. You can found the result on my webpage: http://tataz.chchile.org/~tataz/FreeSBD/SSP/#section1 Also, the original ProPolice author achieved a thorough performance comparison with and without SSP, and the overhead is really small: http://www.trl.ibm.com/projects/security/ssp/node5.html I would like to reach a consensus on whether SSP should be opt-in or opt-out on FreeBSD.

Another concern that Robert Watson showed back in 2006 [1] when I brought forward my patch was the compatibility between pre-SSP and post-SSP binaries/libraries.

I'll try to make it simple and short. SSP requires two additional symbols that are kindly provided by libc. Any binary or library compiled with SSP will require them. As long as your libc contains the symbols, you can smoothly run pre-SSP applications with post-SSP libs as well as the other way around.

Also Kris explained [2] that once applied, it is painful to try to revert the change (removing SSP symbols from libc). This is true but once the patch gets committed, it should hopefully never happen.

[1] http://lists.freebsd.org/pipermail/freebsd-security/2006-May/003751.html [2] http://lists.freebsd.org/pipermail/freebsd-security/2006-May/003752.html

Last time I looked at your patch, there was a problem when using -fstack-protector-all instead of -fstack-protector: when you compile lib/csu/*, gnu/lib/csu/*, or src/lib/libc/sys/stack_protector.c with this flag, there is a kind of chicken/egg problem and you end up with an unusable world. That said, it would be great to be able to compile world with SSP when an option is set in src.conf.

Cheers,

Antoine