The story of Propolice, the OpenBSD stack protector

Contributed by Peter N. M. Hansteen on 2025-12-12 from the protecting-the-full-stack dept.

In a fascinating retrospective titled The story of Propolice, longtime OpenBSD developer Miod Vallat (miod@) tells the story of the early stack protection work on OpenBSD.

This is also part of the early history of OpenBSD development, when Miod relates that the project

starts switching its mindset from ``our work is to make the code bug-free'' to ``in addition to making the code bug-free, we should make exploitation as difficult as possible''.

The article provides fair measure of detail about how the OpenBSD developers made the Propolice mechanism portable across all supported architectures (including the now-retired OpenBSD/vax).

As the article notes, the name Propolice is no longer commonly used, but it denotes an important step in the efforts to make OpenBSD and other systems run on secure and correct code.

The full article, titled The story of Propolice, is well worth your time for filling in gaps in the history of our favorite codebase.

(Comments are closed)

Comments

By Noah Altun (naltun) noah@altun.cc on 2025-12-12 21:08

Great read. Thanks to Miod for taking the time to write the post.
By Mihai David (mihai) on 2025-12-15 11:09

Interesting read.

Latest Articles

Sun, Jan 18
- 11:28 (Open) Widevine support added to the chromium port (1)
Fri, Jan 16
- 08:51 pf: make af-to less magical (0)
Thu, Jan 15
- 20:36 OpenBSD-current now runs as guest under Apple Hypervisor (1)
- 13:58 MAXCPUS on OpenBSD/amd64-current is now 255 (0)
Wed, Jan 14
- 10:41 rpki-client 9.7 released (0)
Tue, Jan 13
- 07:08 LACP mode removed from trunk(4) (0)
Wed, Dec 31
- 08:03 Miod talks about HP/PA boot blocks (0)
- 07:05 OpenBGPD 9.0 released (1)
Tue, Dec 30
- 09:49 fw_update(8) now checks dmesg(8) output in addition to dmesg.boot (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]