Integration of ProPolice in FreeBSD

Jeremie Le Hen jeremie at le-hen.org
Fri Apr 18 13:48:20 UTC 2008


Hi,

As you may already know I've integrated GCC's ProPolice into FreeBSD.
The build infrastructure overlord, namely ru@, (I'm quoting kan@) has
reviewed the patch and technically it is ready to hit the CVS tree.

A few things should be discussed beforehand though.

First, should we build world and/or kernel with SSP by default?  I've
scamped a trivial benchmark back in 2006: timing buildworld with and
without SSP.  You can find the result on my webpage:
    http://tataz.chchile.org/~tataz/FreeSBD/SSP/#section1
Also, the original ProPolice author achieved a thorough performance
comparison with and without SSP, and the overhead is really small:
    http://www.trl.ibm.com/projects/security/ssp/node5.html
I would like to reach a consensus on whether SSP should be opt-in or
opt-out on FreeBSD.


Another concern that Robert Watson showed back in 2006 [1] when I brought
forward my patch was the compatibility between pre-SSP and post-SSP
binaries/libraries.

I'll try to make it simple and short.  SSP requires two additional
symbols that are kindly provided by libc.  Any binary or library
compiled with SSP will require them.  As long as your libc contains the
symbols, you can smoothly run pre-SSP applications with post-SSP libs as
well as the other way around.

Also Kris explained [2] that once applied, it is painful to try to
revert the change (removing SSP symbols from libc).  This is true but
once the patch gets committed, it should hopefully never happen.

[1] http://lists.freebsd.org/pipermail/freebsd-security/2006-May/003751.html
[2] http://lists.freebsd.org/pipermail/freebsd-security/2006-May/003752.html

Thank you.
Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
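
The two libc symbols the message refers to are, in GCC's implementation, `__stack_chk_guard` (the canary value) and `__stack_chk_fail` (the handler called on mismatch). As an added example, not part of the original post or of the FreeBSD patch, this C model shows the role each plays; the `model_*` names, the guard value and the struct standing in for a stack frame are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins for the two symbols an SSP-built object imports from libc.
 * The model_* names are hypothetical so this file cannot clash with the
 * real __stack_chk_guard / __stack_chk_fail. */
static unsigned long model_guard = 0x2f7a9c31UL;   /* constructed value */
static int model_fail_calls;

static void model_chk_fail(void)
{
    /* The real handler aborts the process; the model only counts calls. */
    model_fail_calls++;
}

/* Models one protected frame: the canary sits directly above the buffer. */
struct frame {
    char buf[16];
    unsigned long canary;
};

/* Copies len bytes of src into the frame the way an unchecked copy would,
 * then runs the epilogue check. Returns 1 if the canary was clobbered. */
int protected_copy(const void *src, size_t len)
{
    struct frame f;

    f.canary = model_guard;              /* prologue: store the guard */
    if (len > sizeof f)                  /* keep the model inside the struct */
        len = sizeof f;
    memcpy(&f, src, len);                /* may run past buf into canary */
    if (f.canary != model_guard) {       /* epilogue: compare before return */
        model_chk_fail();
        return 1;
    }
    return 0;
}

int fail_calls(void) { return model_fail_calls; }

int main(void)
{
    char input[sizeof(struct frame)];    /* constructed sample input */
    memset(input, 'A', sizeof input);
    printf("fits: %d\n", protected_copy(input, 16));
    printf("overflow: %d\n", protected_copy(input, sizeof input));
    printf("handler calls: %d\n", fail_calls());
    return 0;
}
```

Because every protected function references both symbols, an object built with SSP fails to link or load against a libc that lacks them, which is the compatibility constraint discussed in the message.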

