ProPolice/SSP in 7.0
Robert Watson
rwatson at FreeBSD.org
Thu Dec 27 16:44:35 PST 2007
On Thu, 27 Dec 2007, Dag-Erling Smørgrav wrote:
> Gunther Mayer <gunther.mayer at googlemail.com> writes:
>> I've known about ProPolice/SSP for a while now (from the Gentoo world) and
>> am aware that FreeBSD 7.0 doesn't yet support it though I know of Jeremy Le
>> Hen's patches (http://tataz.chchile.org/~tataz/FreeBSD/SSP/).
>
> Wrong. FreeBSD 7 has had SSP support since May; the patch you mention just
> turns it on by default. You can probably achieve the same effect by adding
> -fstack-protector to CFLAGS and COPTFLAGS in make.conf.
I'd very much like us to think about turning it on by default -- while stack
protection is necessarily imperfect, it is increasingly considered a standard
compiler feature to have enabled on operating systems. In fact, I know of
relatively few that don't enable it by default...
Robert N M Watson
Computer Laboratory
University of Cambridge
More information about the freebsd-security
mailing list