From what I understand, this is a patch to GCC that adds "stack protection". The stack is part of a computer program where data is stored, and a common hack is to "overflow" the stack and use the effects of that to insert your own remote program. This patch prevents GCC, the compiler normally used on FreeBSD, from allowing that to happen. You patch GCC, and rebuild the world to add the protection into the kernel. I haven't tried this yet, but I'm intrigued nonetheless.
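The guard-value check that a stack-protecting compiler places between local buffers and the saved return address can be simulated in a few lines. This is an added illustration, not code from the GCC patch or the linked page; the frame layout, the constants and all function names are assumptions made for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated stack frame kept in one byte array, so the overrun stays inside
   memory we own. Assumed layout: [ buf | guard | saved return address ]. */
enum { BUF_LEN = 16, GUARD_OFF = BUF_LEN, RET_OFF = GUARD_OFF + 8,
       FRAME_LEN = RET_OFF + 8 };

static const uint64_t GUARD_VALUE = 0x00000aff0d0a0000ULL; /* constructed demo value */
static const uint64_t SAVED_RET   = 0x1122334455667788ULL; /* constructed stand-in */

/* "Prologue": put the guard between the buffer and the return address. */
static void frame_enter(unsigned char *frame) {
    memset(frame, 0, FRAME_LEN);
    memcpy(frame + GUARD_OFF, &GUARD_VALUE, sizeof GUARD_VALUE);
    memcpy(frame + RET_OFF, &SAVED_RET, sizeof SAVED_RET);
}

/* Copy with no check against BUF_LEN, standing in for strcpy()-style code.
   Clamped to FRAME_LEN only so the simulation itself stays in bounds. */
static void unchecked_copy(unsigned char *frame, const unsigned char *src, size_t n) {
    if (n > FRAME_LEN) n = FRAME_LEN;
    memcpy(frame, src, n);
}

/* "Epilogue" check: 1 if the guard is untouched, 0 if it was overwritten. */
static int guard_intact(const unsigned char *frame) {
    return memcmp(frame + GUARD_OFF, &GUARD_VALUE, sizeof GUARD_VALUE) == 0;
}

static int ret_intact(const unsigned char *frame) {
    return memcmp(frame + RET_OFF, &SAVED_RET, sizeof SAVED_RET) == 0;
}

/* One simulated call with n input bytes.
   0 = normal return, 1 = overrun detected (a protected program aborts here),
   2 = return address changed without the guard noticing. */
static int simulate_call(size_t n) {
    unsigned char frame[FRAME_LEN], input[FRAME_LEN];
    memset(input, 'A', sizeof input);
    frame_enter(frame);
    unchecked_copy(frame, input, n);
    if (!guard_intact(frame)) return 1;
    return ret_intact(frame) ? 0 : 2;
}

int main(void) {
    printf("16 bytes -> %d, 32 bytes -> %d\n", simulate_call(16), simulate_call(32));
    return 0;
}
```

Result 2 never occurs here because a linear overrun from the buffer has to cross the guard before it reaches the saved return address, which is what lets the epilogue check catch it.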
How to build FreeBSD with stack protection
An interesting little side note in the above web page - it has about as concise a set of instructions for rebuilding and installing the kernel as I've ever seen!
Rebuild and install everything:
cd /usr/src
mergemaster -p
make buildworld
make buildkernel
make installkernel
shutdown -r now, bringing the system back up in single-user mode
make installworld
mergemaster
reboot