Non-executable stack
Mike Silbersack
silby at silby.com
Sat Oct 29 05:37:00 PDT 2005
On Thu, 27 Oct 2005, db wrote:
> On Thursday 27 October 2005 06:35, you wrote:
>> I don't think it will ever be in FreeBSD, but I used ProPolice in the past:
>
> I really hope it will. AFAIK OpenBSD implemented this in late 2002 when 3.2
> was released. I can see why FreeBSD doesn't want software protection of the
> stack on systems like ia32, but on ia64 we have hardware support, so why not
> be able to build a kernel with stack (and heap?) protection?
The issue is not one of want, but one of practicality. FreeBSD updates
to new versions of gcc relatively frequently, and having to update the
propolice patch with each update (or waiting for an update) would be
additional work.
It appears that propolice has finally made its way into gcc 4.1, so
hopefully that will be ready for FreeBSD 7.
Mike "Silby" Silbersack
More information about the freebsd-security
mailing list