realpath(3) et al
Mike Hoskins
mike at adept.org
Wed Aug 13 18:42:24 PDT 2003
On Tue, 12 Aug 2003, Peter Jeremy wrote:
> >Features such as a protected stack should, IMO, be implemented as soon as
> >possible to keep FreeBSD heads-afloat right now in the security sense....
> >OpenBSD has implemented this already and there are many patches for Linux to
> >do the same... why don't we go ahead and shove some of this code into CVS?
> By "protected" I presume you mean "non-executable". Whilst making the
> stack non-executable is trivial, making the system still work isn't.
> I believe the FreeBSD signal handling still relies on a signal
> trampoline on the stack. Some ports also expect an executable stack
> (most commonly lisp implementations).
i'd also just like to add an aside that's probably obvious...
yes we want security, but we really want to give people options too...
these sorts of measures can have a performance impact. as such, i feel we
should always give users the option of turning them off/on via some easy
to find knob (make.conf/define, kernel, etc.).
-mrh
--
From: "Spam Catcher" <spam-catcher at adept.org>
To: spam-catcher at adept.org
Do NOT send email to the address listed above or
you will be added to a blacklist!
More information about the freebsd-security
mailing list