Re: Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)

[Steven Bellovin <smb%cs.columbia.edu@localhost>]

On Nov 12, 2009, at 8:45 PM, Elad Efrat wrote:

> On Thu, Nov 12, 2009 at 6:58 PM, David Holland
> <dholland-current%netbsd.org@localhost> wrote:
>> On Thu, Nov 12, 2009 at 03:30:23PM -0500, Elad Efrat wrote:
>>>> After protests from multiple developer because of the performance hit
>>>> I've reverted the changes. SSP is now off by default (except for
>>>> library and network daemon builds) on all platforms, in particular
>>>> for NetBSD/amd64 and NetBSD/i386 kernels.
>>> 
>>> Unfortunately for rmind@, pooka@, and haad@, until proven otherwise,
>>> it seems more developers are interested in having SSP enabled by
>>> default. Please put it back. No developers are more equal than others.
>> 
>> I don't see that there's a convincing rationale for turning it on in
>> the kernel.
> 
> Unfortunately for you that does not change the situation one bit.
> 
> However, for pure fun, let's look at the "rationale" here. If your
> kernel is built without SSP and a vulnerability that it might have
> protected against is being exploited, there's a fairly good chance
> that it will result in either stack corruption leading sooner or later
> to a panic, or to a kernel compromise. (Not root compromise -- there's
> a very big difference.)

Before we had plists in the kernel, I wasn't as worried.  We have them now.


                --Steve Bellovin, http://www.cs.columbia.edu/~smb