RFC Stack protector strong
Pedro Giffuni
pfg at FreeBSD.org
Thu Sep 24 18:27:31 UTC 2015
(excuse me if you get this message repeated .. I hit the wrong list
previously)
Hello;
Our current stack protection is very weak (about 1-2 % coverage).
Google engineers have developed a new level of protection
(about 20% coverage) that according to Google and Redhat has
a negligible impact on performance.
I have opened a code review with a simple update to the default
setting for our stack protector:
https://reviews.freebsd.org/D3463/
Sadly I haven't received much feedback.
I have no hurry to commit this but as stated in the review I think it
is worthwhile. I don’t expect any issue, but it would be better to apply
this change soonish rather than later so any collateral issues are
detected and worked out with ample time before 11-Release.
Any objection? If there is no feedback I will just play with other
things.
Pedro.
More information about the freebsd-security
mailing list