> On Sep 24, 2015, at 2:24 PM, Pedro Giffuni <pfg at FreeBSD.org> wrote:
>
> (excuse me if you get this message repeated .. I hit the wrong list previously)
>
> Hello;
>
> Our current stack protection is very weak (about 1-2 % coverage).
> Google engineers have developed a new level of protection
> (about 20% coverage) that according to Google and Redhat has
> a negligible impact on performance.
>
> I have opened a code review with a simple update to the default
> setting for our stack protector:
>
> https://reviews.freebsd.org/D3463/
>
> Sadly I haven't received much feedback.
>
> I have no hurry to commit this but as stated in the review I think it
> is worthwhile. I don't expect any issue, but it would be better to apply
> this change soonish rather than later so any collateral issues are
> detected and worked out with ample time before 11-Release.
>
> Any objection? If there is no feedback I will just play with other
> things.
>
> Pedro.
That URL did not work for me (404). I found what you are directing us toward
instead at https://reviews.freebsd.org/D3463
I like what I'm reading so far, alas I am a nobody.
Could you clarify/elaborate what is meant when you say "coverage" and
using these approximate percentages as a metric? Compare and contrast the
safestack approach for us, if you would, as well. Please bear with me, I am a C
novice and what I know about the magic of compilers could fit on a Post-it Note,
the really small kind. While I acknowledge I have no place in this conversation,
I think it would draw more people into the discussion if you'd be willing to
educate us laypeople a little as attempting to teach often exposes the
overlooked gaps in one's own knowledge.
I understand the difference between a heap and a stack, the process model, the
idea of a virtualized memory address space, kernel and user modes of execution
and that is about where my expertise ends. I have a vague understanding of how
function calls happen, what a system call interface is, an ABI, an ISA, buffer
overflows and such as concepts but little experience with the mechanics of any
of the aforementioned. I know that things like W^X and MMUs and some mythical
"rings" exist to make our lives safer and more productive but as for
how they work or if we can trust them, I generally must defer to greater minds
whom I then judge by superficial traits such as the size and messiness of their
beards and the variety and age of their shirts, both t- and Hawaiian.
Without simply referring me to a full bookshelf of thousand-page books is there
a way people such as myself could become more helpful at assessing such a
change? If I enable this on a couple of systems what sorts of breakage or impact
should I be looking for?
This is an invitation for anyone to enlighten me, not only the original poster.
I'm sure there are a hundred more lurkers afraid to ask.
Thank you for contributing.