realpath(3) et al

Devon H. O'Dell dodell at sitetronics.com
Tue Aug 12 05:00:09 PDT 2003 

In any case, IBM has a stack smashing protection patch for GCC 3.3 on
FreeBSD 4.8 available at
http://www.trl.ibm.com/projects/security/ssp/buildfreebsd.html (the
description page is at http://www.trl.ibm.com/projects/security/ssp/). It
currently works in the latest cvsupped source from 5.1 as well (I've built
and tested it).

Kind regards,

Devon H. O'Dell
Systems and Network Engineer
Simpli, Inc. Web Hosting
http://www.simpli.biz

> -----Oorspronkelijk bericht-----
> Van: owner-freebsd-security at freebsd.org [mailto:owner-freebsd-
> security at freebsd.org] Namens Jason Stone
> Verzonden: Tuesday, August 12, 2003 1:40 PM
> Aan: security at freebsd.org
> Onderwerp: RE: realpath(3) et al
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> > Protecting against stack smashing is quite important; I think many
> > hosting environments not using LISP or other executable-stack-reliant
> > packages would benefit from this. By negating the ability to execute
> > injected code through a buffer overflow, security is highly increased.
> 
> I think that this topic has come up before on the list - please check the
> archives before you get into it again.
> 
> I think that the consensus has been something along the lines of, it would
> be nice, _but_:
> 
> 1) It requires ugly tricks to implement on i386;
> 2) It does not canonically stop the exploitation of buffer overruns -
>    yes, it stops the current attacks, but the underlying problem that an
>    attacker can change the flow of program execution remains;
> 3) It would break a whole bunch of stuff.
> 
> 
>  -Jason
> 
>  -------------------------------------------------------------------------
> -
>  Freud himself was a bit of a cold fish, and one cannot avoid the
> suspicion
>  that he was insufficiently fondled when he was an infant.
> 	-- Ashley Montagu
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (FreeBSD)
> Comment: See https://private.idealab.com/public/jason/jason.gpg
> 
> iD8DBQE/ONIbswXMWWtptckRAmeWAKCR0+gKO1TeBncCaIzGaz0OuIaEnwCgpe7u
> o6iRC44JMJe86lhPj7CqdEg=
> =ijiO
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-
> unsubscribe at freebsd.org"

More information about the freebsd-security mailing list