propolice for GCC?
Matthew Dillon
dillon at apollo.backplane.com
Tue Dec 9 11:50:26 PST 2003
:Hello,
:
:> The follow up to building with propolice. A make buildlworld,
:> buildkernel, installworld, install kernel worked just fine, although I
:> didn't not modify the string that GCC returns (since cc uses built in
:> specs) so see that propolice was built correctly. I'm rebuilding the
:> system again.
:
:I've finished building my system twice now and it does seem to be stable
:with the propolice patch. The only (lame) way I can tell that the stack
:guard is in places comes from strings(1).
:
: neptune# strings /kernel |grep smash
: __stack_smash_handler
: neptune#
:
::-)
:
:Cheers,
:Ryan
This looks good, Ryan. I am patching it in now and testing it (by
looking at the assembly output). I think it is an important
addition to GCC that cuts out a very common attack vector.
Since they suppor both GCC 2.9x and 3.x I think we can safely commit
it to the DFly tree once some moderate testing has been completed.
-Matt
Matthew Dillon
<dillon at xxxxxxxxxxxxx>
More information about the Kernel
mailing list