realpath(3) et al
Devon H. O'Dell
dodell at sitetronics.com
Tue Aug 12 05:00:09 PDT 2003
In any case, IBM has a stack smashing protection patch for GCC 3.3 on
FreeBSD 4.8 available at
http://www.trl.ibm.com/projects/security/ssp/buildfreebsd.html (the
description page is at http://www.trl.ibm.com/projects/security/ssp/). It
currently works in the latest cvsupped source from 5.1 as well (I've built
and tested it).
Kind regards,
Devon H. O'Dell
Systems and Network Engineer
Simpli, Inc. Web Hosting
http://www.simpli.biz
> -----Oorspronkelijk bericht-----
> Van: owner-freebsd-security at freebsd.org [mailto:owner-freebsd-
> security at freebsd.org] Namens Jason Stone
> Verzonden: Tuesday, August 12, 2003 1:40 PM
> Aan: security at freebsd.org
> Onderwerp: RE: realpath(3) et al
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> > Protecting against stack smashing is quite important; I think many
> > hosting environments not using LISP or other executable-stack-reliant
> > packages would benefit from this. By negating the ability to execute
> > injected code through a buffer overflow, security is highly increased.
>
> I think that this topic has come up before on the list - please check the
> archives before you get into it again.
>
> I think that the consensus has been something along the lines of, it would
> be nice, _but_:
>
> 1) It requires ugly tricks to implement on i386;
> 2) It does not canonically stop the exploitation of buffer overruns -
> yes, it stops the current attacks, but the underlying problem that an
> attacker can change the flow of program execution remains;
> 3) It would break a whole bunch of stuff.
>
>
> -Jason
>
> -------------------------------------------------------------------------
> -
> Freud himself was a bit of a cold fish, and one cannot avoid the
> suspicion
> that he was insufficiently fondled when he was an infant.
> -- Ashley Montagu
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (FreeBSD)
> Comment: See https://private.idealab.com/public/jason/jason.gpg
>
> iD8DBQE/ONIbswXMWWtptckRAmeWAKCR0+gKO1TeBncCaIzGaz0OuIaEnwCgpe7u
> o6iRC44JMJe86lhPj7CqdEg=
> =ijiO
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-
> unsubscribe at freebsd.org"
More information about the freebsd-security
mailing list