RFC Stack protector strong

Pedro Giffuni pfg at FreeBSD.org
Thu Sep 24 18:27:31 UTC 2015


(excuse me if you get this message repeated .. I hit the wrong list 
previously)

Hello;

Our current stack protection is very weak (about 1-2 % coverage).
Google engineers have developed a new level of protection
(about 20% coverage) that according to Google and Redhat has
a negligible impact on performance.

I have opened a code review with a simple update to the default
setting for our stack protector:

https://reviews.freebsd.org/D3463/

Sadly I haven't received much feedback.

I have no hurry to commit this but as stated in the review I think it
is worthwhile. I don’t expect any issue, but it would be better to apply
this change soonish rather than later so any collateral issues are
detected and worked out with ample time before 11-Release.

Any objection?  If there is no feedback I will just play with other
things.

Pedro.


More information about the freebsd-security mailing list