[CFT/HEADSUP] Ports now have Stack Protector support
Konstantin Tokarev
annulen at yandex.ru
Sun Sep 22 20:36:17 UTC 2013
22.09.2013, 19:48, "Eitan Adler" <lists at eitanadler.com>:
> On Sun, Sep 22, 2013 at 10:01 AM, Konstantin Tokarev <annulen at yandex.ru> wrote:
>
>> 21.09.2013, 18:26, "Nathan Whitehorn" <nwhitehorn at freebsd.org>:
>>> On 09/21/13 09:09, Bryan Drewery wrote:
>>>> On 9/21/2013 9:00 AM, Nathan Whitehorn wrote:
>>>>> On 09/21/13 05:47, Bryan Drewery wrote:
>>>>>> Ports now support enabling Stack Protector [1] support on FreeBSD 10
>>>>>> i386 and amd64, and older releases on amd64 only currently.
>>>>> Why only those architectures?
>>>>> -Nathan
>>>> I was only able to test on amd64 and i386. And that took 37 exp-runs
>>>> over a month.
>>>>
>>>> See commit and CHANGES for more discussion on why not i386 on <10:
>>>>
>>>> http://svnweb.freebsd.org/ports?view=revision&revision=327697
>>> OK. If I set this on powerpc anyway, will it turn on? I'm happy to
>>> (slowly) test it there.
>> AFAIU, it's pointless to use stack protector on ppc because stack smashing
>> attacks are just impossible here.
>
> Could you explain why?
Oops, I was wrong. It's impossible to overwrite the return address directly by smashing the stack (because it's kept in a register), but other techniques exist.
--
Regards,
Konstantin