Alexander Kabaev wrote:
> On Thu, 27 Dec 2007 23:52:02 +0100
> Dag-Erling Smørgrav <[EMAIL PROTECTED]> wrote:
>> Gunther Mayer <[EMAIL PROTECTED]> writes:
>>> I've known about ProPolice/SSP for a while now (from the Gentoo
>>> world) and am aware that FreeBSD 7.0 doesn't yet support it though
>>> I know of Jeremy Le Hen's patches
>>> (http://tataz.chchile.org/~tataz/FreeBSD/SSP/).
>> Wrong. FreeBSD 7 has had SSP support since May; the patch you mention
>> just turns it on by default. You can probably achieve the same effect
>> by adding -fstack-protector to CFLAGS and COPTFLAGS in make.conf.
>> DES
>> --
>> Dag-Erling Smørgrav - [EMAIL PROTECTED]
> Wrong.
> Actually, FreeBSD 7 _compiler_ has SSP support, but a lot of necessary
> changes from Jeremy to enable it by default for 'make buildworld' and
> allow switching of SSP on/off for subsequent builds never made it to the
> tree.

That's what I thought. I'm not sure if CFLAGS and COPTFLAGS work the
same for both ports and buildworld, but then again I don't know enough
about FreeBSD's build system.

Besides, I'm still waiting for some feedback regarding the kernel patch;
I'm a bit hesitant to apply it in a production environment.

Another thing I'm wondering about: applying the patches and recompiling
is all fair and well, but what do I do when I need to apply a security
patch and there happens to be a merge conflict because I'm now working
off a non-standard (patched) set of sources? I just want a hassle-free
way to add SSP to my systems...

Btw, I second the motion of having SSP enabled by default in FreeBSD;
other OSes have been doing this for years at a negligible performance
overhead.

Gunther
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
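
The thread leaves open whether -fstack-protector in make.conf takes effect for both ports and buildworld. One way to check the result after a build, as an added example that is not code from the thread or from FreeBSD: scan a tree for ELF files that reference __stack_chk_fail, the handler that GCC's stack-protector code calls. The function names are hypothetical and the demo files are constructed stand-ins, not real binaries.

```sh
#!/bin/sh
# Added example: report which ELF files under a directory reference
# __stack_chk_fail. Function names here are hypothetical.

# is_elf FILE: true if FILE starts with the ELF magic bytes 7f 45 4c 46.
is_elf() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# ssp_status FILE: prints "ssp", "no-ssp" or "not-elf".
ssp_status() {
    if ! is_elf "$1"; then
        echo "not-elf"
    elif LC_ALL=C grep -q -F '__stack_chk_fail' "$1"; then
        echo "ssp"
    else
        echo "no-ssp"
    fi
}

# ssp_audit DIR: one "STATUS PATH" line per ELF file below DIR.
ssp_audit() {
    find "$1" -type f | sort | while IFS= read -r f; do
        s=$(ssp_status "$f")
        [ "$s" = "not-elf" ] || printf '%s %s\n' "$s" "$f"
    done
}

# ssp_missing DIR: number of ELF files below DIR without the symbol.
ssp_missing() {
    ssp_audit "$1" | grep -c '^no-ssp ' || true
}

# Demo on constructed files (ELF magic plus filler text).
demo() {
    d=$(mktemp -d) || return 1
    printf '\177ELF..__stack_chk_fail..' > "$d/with_ssp"
    printf '\177ELF..plain..' > "$d/without_ssp"
    printf '#!/bin/sh\n' > "$d/script.sh"
    ssp_audit "$d"
    echo "ELF files without the symbol: $(ssp_missing "$d")"
    rm -rf "$d"
}
demo
```

A "no-ssp" result is a prompt to look closer, not proof the flag was ignored: a stripped static binary carries no symbol names, and -fstack-protector only instruments functions with qualifying buffers, so a small program may contain no reference at all.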