ProPolice/SSP in 7.0

Robert Watson rwatson at FreeBSD.org
Thu Dec 27 16:44:35 PST 2007


On Thu, 27 Dec 2007, Dag-Erling Smørgrav wrote:

> Gunther Mayer <gunther.mayer at googlemail.com> writes:
>> I've known about ProPolice/SSP for a while now (from the Gentoo world) and 
>> am aware that FreeBSD 7.0 doesn't yet support it though I know of Jeremy Le 
>> Hen's patches (http://tataz.chchile.org/~tataz/FreeBSD/SSP/).
>
> Wrong.  FreeBSD 7 has had SSP support since May; the patch you mention just 
> turns it on by default.  You can probably achieve the same effect by adding 
> -fstack-protector to CFLAGS and COPTFLAGS in make.conf.

I'd very much like us to think about turning it on by default -- while stack 
protection is necessarily imperfect, it is increasingly considered a standard 
compiler feature to have enabled on operating systems.  In fact, I know of 
relatively few that don't enable it by default...

Robert N M Watson
Computer Laboratory
University of Cambridge


More information about the freebsd-security mailing list