atom feed16 messages in org.freebsd.freebsd-securityIntegrating ProPolice/SSP into FreeBSD
FromSent OnAttachments
Jeremie Le HenMay 26, 2006 8:35 am 
Robert WatsonMay 26, 2006 11:42 am 
Kris KennawayMay 26, 2006 11:51 am 
Garance A DrosehnMay 26, 2006 3:21 pm 
Daniel EischenMay 26, 2006 3:22 pm 
Alexander KabaevMay 26, 2006 3:39 pm 
Steve KarglMay 26, 2006 7:20 pm 
Alexander KabaevMay 26, 2006 8:33 pm 
Jeremie Le HenMay 27, 2006 10:25 am 
Jeremie Le HenMay 27, 2006 10:27 am 
Josh CarrollMay 29, 2006 2:19 pm 
Pascal HofsteeMay 29, 2006 2:21 pm 
Jeremie Le HenJun 9, 2006 9:57 am 
ChrisJun 9, 2006 8:40 pm 
Giorgos KeramidasJun 9, 2006 11:30 pm 
Hugo SilvaJun 10, 2006 4:57 pm 
Subject:Integrating ProPolice/SSP into FreeBSD
From:Jeremie Le Hen (jere@le-hen.org)
Date:May 26, 2006 8:35:26 am
List:org.freebsd.freebsd-security

Hi,

first sorry for cross-posting but I thought this patch might interest -CURRENT users as well as people concerned by security.

I wrote a patch that integrates ProPolice/SSP into FreeBSD, one step further than it has been realized so far.

It is available here : http://tataz.chchile.org/~tataz/FreeBSD/SSP/

Everything is explained on the web page, but I will repeat some informations here. The patchset is splitted in two parts to ease the review of the patch. The -propolice patch is only the original ProPolice patch for GCC 3.4.4 applied on FreeBSD source tree. The -freebsd patch contains the glue I have written to make things neat.

The patch exists in both for CURRENT and RELENG_6. Both introduce a new make.conf(5) (and src.conf(5)) knob to enable stack protection on a per Makefile basis. It if of course possible to compile your world with it. Please refer to the web page for more informations.

The patch has been tested and works pretty well. My laptop and my workstation at work are compiled with SSP : world, kernel and ports, including X.org.

I hope you will enjoy it. Regards,