[fbsd] Integrating ProPolice/SSP into FreeBSD

Chris rip at overflow.no
Fri Jun 9 20:40:12 UTC 2006


Jeremie Le Hen wrote:
> Hi list,
>
> I haven't got much feedback so far.  I would be glad if any people
> who have been using this patch told me if they have been faced with
> some problems.
>
> Thank you
> Regards,
> Jeremie
>
> On Fri, May 26, 2006 at 05:34:22PM +0200, Jeremie Le Hen wrote:
>   
>> Hi,
>>
>> first sorry for cross-posting but I thought this patch might interest
>> -CURRENT users as well as people concerned by security.
>>
>> I wrote a patch that integrates ProPolice/SSP into FreeBSD, one step
>> further than it has been realized so far.
>>
>> It is available here :
>>     http://tataz.chchile.org/~tataz/FreeBSD/SSP/
>>
>> Everything is explained on the web page, but I will repeat some
>> information here.  The patchset is split in two parts to ease the
>> review of the patch.  The -propolice patch is only the original
>> ProPolice patch for GCC 3.4.4 applied on FreeBSD source tree.  The
>> -freebsd patch contains the glue I have written to make things neat.
>>
>> The patch exists for both CURRENT and RELENG_6.  Both introduce a
>> new make.conf(5) (and src.conf(5)) knob to enable stack protection
>> on a per Makefile basis.  It is of course possible to compile your
>> world with it.  Please refer to the web page for more information.
>>  
>> The patch has been tested and works pretty well.  My laptop and my
>> workstation at work are compiled with SSP : world, kernel and ports,
>> including X.org.
>>
>> I hope you will enjoy it.
>> Regards,
>>     
I'm using it successfully with the stack-gap and the random mmap
on 6.1-RELEASE. No problems at all really :) Except that I want a knob
for gcc to use the protection by default. We discussed this in another
email.

I'm also using nomad's 5.4 one of my 5.4-p14 with stack gap and random
mmap (slight modification was needed to get it working), which for me has
the desired default behaviour.

I hope to see this on 6.x too, keep up the good work.

- Chris

