realpath(3) et al

Chris Odell chris at redstarnetworks.net
Tue Aug 12 11:32:17 PDT 2003


I would do the same -
 
   For Hosting providers this is actually a benefit for tax reasons - 
 FreeBSD is a not for profit organization.
 
 Chris Odell

-----Original Message-----
From: owner-freebsd-security at freebsd.org
[mailto:owner-freebsd-security at freebsd.org] On Behalf Of Devon H. O'Dell
Sent: Tuesday, August 12, 2003 5:00 AM
To: 'Jason Stone'; security at freebsd.org
Subject: RE: realpath(3) et al


In any case, IBM has a stack smashing protection patch for GCC 3.3 on
FreeBSD 4.8 available at
http://www.trl.ibm.com/projects/security/ssp/buildfreebsd.html (the
description page is at http://www.trl.ibm.com/projects/security/ssp/).
It currently works in the latest cvsupped source from 5.1 as well (I've
built and tested it).

Kind regards,

Devon H. O'Dell
Systems and Network Engineer
Simpli, Inc. Web Hosting
http://www.simpli.biz

> -----Original Message-----
> From: owner-freebsd-security at freebsd.org
> [mailto:owner-freebsd-security at freebsd.org] On Behalf Of Jason Stone
> Sent: Tuesday, August 12, 2003 1:40 PM
> To: security at freebsd.org
> Subject: RE: realpath(3) et al
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> > Protecting against stack smashing is quite important; I think many 
> > hosting environments not using LISP or other 
> > executable-stack-reliant packages would benefit from this. By 
> > negating the ability to execute injected code through a buffer 
> > overflow, security is highly increased.
> 
> I think that this topic has come up before on the list - please check 
> the archives before you get into it again.
> 
> I think that the consensus has been something along the lines of, it 
> would be nice, _but_:
> 
> 1) It requires ugly tricks to implement on i386;
> 2) It does not canonically stop the exploitation of buffer overruns -
>    yes, it stops the current attacks, but the underlying problem that an
>    attacker can change the flow of program execution remains;
> 3) It would break a whole bunch of stuff.
> 
> 
>  -Jason
> 
>  
> --------------------------------------------------------------------------
>  Freud himself was a bit of a cold fish, and one cannot avoid the suspicion
>  that he was insufficiently fondled when he was an infant.
> 	-- Ashley Montagu
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (FreeBSD)
> Comment: See https://private.idealab.com/public/jason/jason.gpg
> 
> iD8DBQE/ONIbswXMWWtptckRAmeWAKCR0+gKO1TeBncCaIzGaz0OuIaEnwCgpe7u
> o6iRC44JMJe86lhPj7CqdEg=
> =ijiO
> -----END PGP SIGNATURE----- 
> _______________________________________________
> freebsd-security at freebsd.org mailing list 
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
