propolice for GCC?

Matthew Dillon dillon at apollo.backplane.com
Tue Dec 9 11:50:26 PST 2003


:Hello,
:
:> The follow up to building with propolice.  A make buildworld,
:> buildkernel, installworld, installkernel worked just fine, although I
:> didn't modify the string that GCC returns (since cc uses built in
:> specs) to see that propolice was built correctly.  I'm rebuilding the
:> system again.
:
:I've finished building my system twice now and it does seem to be stable 
:with the propolice patch.  The only (lame) way I can tell that the stack 
:guard is in place comes from strings(1).
:
:	neptune# strings /kernel |grep smash
:	__stack_smash_handler
:	neptune#
:
::-)
:
:Cheers,
:Ryan

    This looks good, Ryan.  I am patching it in now and testing it (by
    looking at the assembly output).  I think it is an important
    addition to GCC that cuts out a very common attack vector.

    Since they support both GCC 2.9x and 3.x I think we can safely commit
    it to the DFly tree once some moderate testing has been completed.

					-Matt
					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>




