Integration of ProPolice in FreeBSD

Garance A Drosehn gad at FreeBSD.org
Sat Apr 19 18:47:28 UTC 2008 

At 11:37 AM +0200 4/19/08, Jeremie Le Hen wrote:
>
>On Fri, Apr 18, 2008 at 08:37:24PM -0400, Garance A Drosehn wrote:
>  >
>>   So, in my mind there's the step of "enabling SSP", and then there's
>>   the step of "compiling programs with stack-protection on".  I think
>>   we could also split that the second step in stages:
>>
>>     a) add stack-protection to all setuid programs in the base system.
>>     b) add stack-protection to all "/usr/sbin" programs in the base.
>>     c) add stack-protection to all programs in the base.
>>     d) compile ports with stack-protection on.
>>
>>   Is that a reasonable breakdown?  We could (perhaps) have four
>>   switches, and people could turn on whatever wants they wanted.  But
>>   as far as the *default* values, we might want "class A" to default
>>   on for 8.0-release, but the other classes to default off.  Then
>>   (maybe) add another class each time we make another release.
>
>On Sat, Apr 19, 2008 at 05:14:00PM +1000, Peter Jeremy wrote:
>  > I would agree that a phased approach to enabling SSP is warranted
>  > but I believe it should wind up enabled by default in -current
>  > fairly rapidly.  Once the Project has gained more familiarity with
>  > SSP and its impacts, a decision can be made as to whether it should
>  > default to on or off in -stable and releases.
>
>Provided the very little performance overhead [1], my leaning goes
>toward Peter here.

My comment was talking about how we would roll out SSP for *releases*.
I do agree we'd move faster for having developers test it in -current.

>Moreover given that some ports simply don't compile with SSP (qemu,
>gcc4, etherboot), my personal opinion is it should be enabled by
>default for ports on -CURRENT in order to spot those out.

This part I'm not so sure of.  The fact that I'm willing to run
freebsd-current to test *freebsd* changes does not mean that I want
to be constantly tripping over port-specific problems.  I realize
that SSP is certainly useful for ports, but that's > 15,000 programs
which we probably have little control over.  It's going to take quite
awhile before we get that sorted out.

I guess I don't have any specific recommendation for how to handle SSP
in the ports collection.  Maybe per-port settings, although that would
also get messy.  The main ports-developers should decide how SSP should
be rolled out through the ports collection.

-- 
Garance Alistair Drosehn     =               drosehn at rpi.edu
Senior Systems Programmer               or   gad at FreeBSD.org
Rensselaer Polytechnic Institute;             Troy, NY;  USA

More information about the freebsd-arch mailing list