On Tue, Feb 04, 2003 at 11:51:14AM -0800, Justin Lundy wrote:
> Has similar work been done in FreeBSD? This would be a nice
> feature in 5.0-CURRENT. We had SecureBSD, and the IBM port of propolice,
> but both projects appear to be defunct at present. If we can integrate
> MAC into the kernel, why not port over OpenBSD's rebasing implementation
> from /src/sys/kern/kern_exec.c?
>
> ----- Forwarded message from Eugene Tsyrklevich <[EMAIL PROTECTED]> -----
> "Add a possibility to add a random offset to the stack on exec. This makes
> it slightly harder to write generic buffer overflows. This doesn't really
> give any real security, but it raises the bar for script-kiddies and it's
> really cheap.

AFAIK, no. No similar work has been done in FreeBSD.

Personally I think if one is going to expend effort in making the stack more secure the proper way to do this is to follow NetBSD's example and switch to a signal trampoline provided by libc so that stack pages can be marked non-executable in the first place. Adding random offsets to the stack is never going to be more than a hack.

But, the surest way to test whether or not there is support for this among actual FreeBSD developers (of which I am not one) is to post a patch. You'll know pretty quickly one way or the other.

Brandon D. Valentine
--
[EMAIL PROTECTED]
http://www.geekpunk.net
"We've been raised on replicas of fake and winding roads, and day after day up on this beautiful stage we've been playing tambourine for minimum wage, but we are real; I know we are real." -- David Berman