DragonFly BSD
DragonFly kernel List (threaded) for 2003-12
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: propolice for GCC?

From: Ryan Dooley <dooleyr@xxxxxxxxxxxx>
Date: Wed, 10 Dec 2003 13:23:14 -0600


> It is a modification of gcc not stack protection built into the kernel.
> Thats just showing the symbol inside the kernel binary, thus showing
> that the kernel was compiled with gcc that had the propolice modification.
> I can't think over any benefit from compiling the kernel with propolice, 
> only
> from compiling userland items and libraries with it. I think it would be ok
> to build world with it by default but not on by default for everything else.

Why not have propolice build the kernel as well?  If it catches a stack
overflow propolice should shut it down with the handler.  This should
protect against LKM stack exploits (unless I'm really missing something
which would not be unusual :-)
> Since a new gcc is in the pipeline for the next few months has anyone
> looked at added these patches to  gcc-3.3 or 3.4  ?

Yes, there are 3.3 patches available as well.


[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]