Okay, so I’m now refining the SSP implementation, by borrowing the SSP functions from OpenBSD (well that’s the good part of having the different BSD, isn’t it?), and modifying them to suit more the Gentoo implementation (as in, I use a different canary, shorter, quicker).
But this is not just the best implementation. Right now I simply disable the stack protection on the whole libc, that is non optimal. Unfortunately I’m not yet that sure how to make some source files only to be compiled with a defined flag (-fno-stack-protector) so that we don’t need to disable it entirely.
Also, solar offered to help out fixing the OpenBSD handler as it’s suboptimal, too.
I’ll committ he new freebsd-lib-6.0 later today, and now that the crosscompile is fixed, tomorrow I’ll be able to work on updating to 6.1.
For this reason, tomorrow my blog might be offline for a while, in the time I do the update, but shouldn’t be much. I’ll be also rebuilding it with hardened compiler, as I want to test stack protection and hardened that box a bit.
At this point, the only thing we miss is a PaX implementation and PIE support, but solar also told me that NetBSD’s PaX is almost ready, and PIE is already supported by OpenBSD I suppose, so it might be possible to have an hardened FreeBSD sooner or later.
So here we are, should we prove again a reason for the existence of this project?