db wrote:
On Thursday 27 October 2005 19:58, you wrote:
Ok thanks, but I was looking for a kernel level patch. Btw which ports
will break?
I did not keep a list, but as far as I remember, the 'pure-pw' binary
from pure-ftpd was the last thing that failed. Because it was not
visible in the first place (the port built fine), I decided the risk of
breaking things without noticing it was not worth it.

Ok, I was planning on using pure-ftpd.

I don't mean that it's a bad thing, but it will cost you some time to
find the bugs, report the bugs and get them fixed. And if you are
willing to use it in a production environment, you have to fully test
the software each time you are upgrading to be sure things will not
break. It's also not officially supported as far as I know.

I'm not a kernel hacker and only have access to ia32, so I can't help develop or test it, but I hope someone with the right skills and means also thinks it's about time we give the admins and users the option of a non-executable stack (and heap). If I can help in any way I will. Maybe my next computer will be an AMD64; I think it must be the cheapest of the platforms with hardware support for execute and read permission distinction on memory?

We are using the stack protection patches for GCC in production servers running FreeBSD 4.11 and everything runs well. We are using a fairly large number of ports (from samba to php to postgresql, etc.) and none have shown issues with this feature.

Note that since it is a compiler and library patch, the kernel also benefits from it. I would say that if a port misbehaves with this, then it is more likely a problem with the port.

I can't comment on how it works in FreeBSD 5 or 6, but in FreeBSD 4.11 it rocks.

Patrick.

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security