realpath(3) et al
Chris Odell
chris at redstarnetworks.net
Tue Aug 12 11:32:17 PDT 2003
I would do the same -
For Hosting providers this is actually a benefit for tax reasons -
FreeBSD is a not for profit organization.
Chris Odell
-----Original Message-----
From: owner-freebsd-security at freebsd.org
[mailto:owner-freebsd-security at freebsd.org] On Behalf Of Devon H. O'Dell
Sent: Tuesday, August 12, 2003 5:00 AM
To: 'Jason Stone'; security at freebsd.org
Subject: RE: realpath(3) et al
In any case, IBM has a stack smashing protection patch for GCC 3.3 on
FreeBSD 4.8 available at
http://www.trl.ibm.com/projects/security/ssp/buildfreebsd.html (the
description page is at http://www.trl.ibm.com/projects/security/ssp/).
It currently works in the latest cvsupped source from 5.1 as well (I've
built and tested it).
Kind regards,
Devon H. O'Dell
Systems and Network Engineer
Simpli, Inc. Web Hosting
http://www.simpli.biz
> -----Oorspronkelijk bericht-----
> Van: owner-freebsd-security at freebsd.org [mailto:owner-freebsd-
> security at freebsd.org] Namens Jason Stone
> Verzonden: Tuesday, August 12, 2003 1:40 PM
> Aan: security at freebsd.org
> Onderwerp: RE: realpath(3) et al
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> > Protecting against stack smashing is quite important; I think many
> > hosting environments not using LISP or other
> > executable-stack-reliant packages would benefit from this. By
> > negating the ability to execute injected code through a buffer
> > overflow, security is highly increased.
>
> I think that this topic has come up before on the list - please check
> the archives before you get into it again.
>
> I think that the consensus has been something along the lines of, it
> would be nice, _but_:
>
> 1) It requires ugly tricks to implement on i386;
> 2) It does not canonically stop the exploitation of buffer overruns -
> yes, it stops the current attacks, but the underlying problem that
an
> attacker can change the flow of program execution remains;
> 3) It would break a whole bunch of stuff.
>
>
> -Jason
>
>
>
------------------------------------------------------------------------
-
> -
> Freud himself was a bit of a cold fish, and one cannot avoid the
> suspicion
> that he was insufficiently fondled when he was an infant.
> -- Ashley Montagu
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (FreeBSD)
> Comment: See https://private.idealab.com/public/jason/jason.gpg
>
> iD8DBQE/ONIbswXMWWtptckRAmeWAKCR0+gKO1TeBncCaIzGaz0OuIaEnwCgpe7u
> o6iRC44JMJe86lhPj7CqdEg=
> =ijiO
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-
> unsubscribe at freebsd.org"
_______________________________________________
freebsd-security at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to
"freebsd-security-unsubscribe at freebsd.org"
More information about the freebsd-security
mailing list