DragonFly kernel List (threaded) for 2003-12
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: propolice for GCC?

From:	Ryan Dooley <dooleyr@xxxxxxxxxxxx>
Date:	Wed, 10 Dec 2003 13:23:14 -0600

Hello,

> It is a modification of gcc not stack protection built into the kernel.
> Thats just showing the symbol inside the kernel binary, thus showing
> that the kernel was compiled with gcc that had the propolice modification.
> I can't think over any benefit from compiling the kernel with propolice, 
> only
> from compiling userland items and libraries with it. I think it would be ok
> to build world with it by default but not on by default for everything else.

Why not have propolice build the kernel as well?  If it catches a stack
overflow propolice should shut it down with the handler.  This should
protect against LKM stack exploits (unless I'm really missing something
which would not be unusual :-)
 
> Since a new gcc is in the pipeline for the next few months has anyone
> looked at added these patches to  gcc-3.3 or 3.4  ?

Yes, there are 3.3 patches available as well.

Cheers,
Ryan

References:
- propolice for GCC?
  - From: Ryan Dooley
- Re: propolice for GCC?
  - From: Ryan Dooley
- Re: propolice for GCC?
  - From: Ryan Dooley
- Re: propolice for GCC?
  - From: Ryan Dooley
- Re: propolice for GCC?
  - From: Ryan Dooley
- Re: propolice for GCC?
  - From: Eirik Nygaard
- Re: propolice for GCC?
  - From: David Rhodus

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]