On Tue, Aug 26, 2003 at 02:01:48PM -0300, Alex wrote:
> Hello,
> Does anybody recommend using this?
> How to build FreeBSD with propolice protection
> http://www.trl.ibm.com/projects/security/ssp/buildfreebsd.html

If you have a server carrying particularly valuable or sensitive data,
then, yes the propolice patches can add an extra layer of security.

However, there are certain otherwise harmless software constructs that
involve writing to the stack that this software will cause to fail.
Certain applications simply will not work.

For an ordinary desktop or home machine it's probably overkill, and
paying attention to security announcements and keeping your machine
properly up to date and not running extraneous daemons and following
all of the other standard good security advice should be sufficient.
> After implementing it, how to make sure it's working correctly?

Write a small C program that will let you overflow an array and
trample on the stack. By convention, the usage is to overflow the
array with a long string of A characters.  Analyse the core dump thus
obtained.  If the EIP has been overwritten with the value 0x41414141
then the patches definitely aren't working.



Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to