Non-executable stack
Jimmy Scott
jimmy at inet-solutions.be
Thu Oct 27 12:58:46 PDT 2005
On Thu, Oct 27, 2005 at 03:11:35PM +0000, db wrote:
> On Thursday 27 October 2005 06:35, you wrote:
>
> > http://www.research.ibm.com/trl/projects/security/ssp/buildfreebsd.html
> >
> > The patch should be for 5.x in general, I don't use it anymore since some
> > ports will break, if you play with it you can disable it by default and
> > enable it explicit when you are willing to compile a binary with it.
>
> Ok thanks, but I was looking for a kernel level patch. Btw which ports will
> break?
>
I did not keep a list, but as far as I remember, the 'pure-pw' binary
from pure-ftpd was the last thing that failed. Because it was not
visible in first place (the port builded fine), I decided the risk of
breaking things without noticing it was not worth it.
I don't mean that it's a bad thing, but it will cost you some time to
find the bugs, report the bugs and get them fixed. And if you are
willing to use it in a production environment, you have to fully test
the software eacht time you are upgrading to be sure things will not
break. It's also not officially supported as far as I know.
Kind regards,
Jimmy Scott
--
People usually get what's coming to them ... unless it's been mailed.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20051027/dd32451d/attachment.bin
More information about the freebsd-security
mailing list