building with WITHOUT_SSP side effect
Anthony Pankov
ap00 at mail.ru
Mon Mar 4 19:25:41 UTC 2019
In my case no applications from the base "world" listen to the
internet (no open ports from syslogd, bind, sendmail, etc). Also there
is no public login to servers.
So I see SSP as waste of billions and billions instruction. The
probability of joint events: the known user become an evil hacker
AND the weakest point is the buffer overflow in systems base world -
is near zero. At least because weakest point can be obtained more
easily from misconfiguration, additional packages etc.
The idea was to throw out SSP from kernel and base world but
fortify sshd, postfix etc. But things went not as smooth as desired.
> I'm curious about your use case for building without stack cookies.
> Thanks,
--
Best regards,
Anthony Pankov mailto:ap00 at mail.ru
More information about the freebsd-hackers
mailing list