realpath(3) et al
Devon H. O'Dell
dodell at sitetronics.com
Tue Aug 12 13:49:38 PDT 2003
If you guys are too busy for maintaining this port, shall I take on this
burden?
--Devon
> -----Oorspronkelijk bericht-----
> Van: Kris Kennaway [mailto:kris at obsecurity.org]
> Verzonden: Tuesday, August 12, 2003 10:48 PM
> Aan: Jacques A. Vidrine; Devon H. O'Dell; 'Jason Stone';
> security at freebsd.org; kris at FreeBSD.org
> Onderwerp: Re: realpath(3) et al
>
> On Tue, Aug 12, 2003 at 02:59:46PM -0500, Jacques A. Vidrine wrote:
> > On Tue, Aug 12, 2003 at 01:59:51PM +0200, Devon H. O'Dell wrote:
> > > In any case, IBM has a stack smashing protection patch for GCC 3.3 on
> > > FreeBSD 4.8 available at
> > > http://www.trl.ibm.com/projects/security/ssp/buildfreebsd.html (the
> > > description page is at http://www.trl.ibm.com/projects/security/ssp/).
> It
> > > currently works in the latest cvsupped source from 5.1 as well (I've
> built
> > > and tested it).
> >
> > http://www.research.ibm.com/trl/projects/security/ssp/ has the latest.
> > Yes, I'd like to see this in the base system as well. Our toolchain
> > in 5.x is calming down a bit, maybe the timing is getting ripe.
> >
> > I thought Kris looked into this before, but I don't recall what might
> > have ultimately stopped him from making the commits. cc:ing him in
> > case he has insight to share.
>
> The gcc maintainer (David O'Brien at the time) was unwilling to
> support the burden of an external gcc patch which would need to be
> re-integrated by him each time a new gcc version was imported.
>
> Instead, we agreed that the best solution was to make a port that uses
> this patch, which can be updated periodically as the SSP authors track
> new gcc releases. Neither of us followed through on this though.
>
> Kris
More information about the freebsd-security
mailing list