Re: Non-executable stack
db wrote:
> On Thursday 27 October 2005 19:58, you wrote:
>
>>> Ok thanks, but I was looking for a kernel level patch. Btw which ports
>>> will break?
>>>
>> I did not keep a list, but as far as I remember, the 'pure-pw' binary
>> from pure-ftpd was the last thing that failed. Because it was not
>> visible in first place (the port builded fine), I decided the risk of
>> breaking things without noticing it was not worth it.
>>
>
> Ok, I was planing on using pure-ftpd.
>
>
>> I don't mean that it's a bad thing, but it will cost you some time to
>> find the bugs, report the bugs and get them fixed. And if you are
>> willing to use it in a production environment, you have to fully test
>> the software eacht time you are upgrading to be sure things will not
>> break. It's also not officially supported as far as I know.
>>
>
> I'm not a kernel hacker and only have access to ia32, so I can't help develop
> or test it, but I hope someone with the right skills and means also think
> it's about time we give the admins and users the option of a non-executable
> stack (and heap). If I can help in any way I will. Maybe my next computer
> will be an AMD64, I think it must be the cheapest of the platforms with
> hardware support for execute and read permission distinction on memory?
>
We are using the stack protection patches for GCC in production servers
running FreeBSD 4.11 and everything runs well. We are using a fairly
large number of ports (from samba to php to postgresql, etc.) and none
have shown issues with this feature.
Note that since it is a compiler and library patch, the kernel also
benefits from it. I would say that if a port misbehaves with this, then
it is more likely a problem with the port.
I can't comment on how it work in FreeBSD 5 or 6, but in FreeBSD 4.11 it
rocks.
Patrick.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 6 之 18 篇):