Re: Bug#149463: There should be a gcc version with stack protection patch
On Sun, Jun 09, 2002 at 10:40:11PM +0200, Martin v. Loewis wrote:
> Torsten Knodt <email@example.com> writes:
> > thats not what I wanted to do. I think IBM and the other big users
> > of this patch, will do this themselves. But I think in the meantime
> > it would be a win to debian. Yes, it's mostly not a good idea to
> > have features patches in the debian diff, but this would give
> > security and, when I'm not wrong, wouldn't not make the compiled
> > programs incompatible to normal programs.
> It probably would, because of the access to /dev/urandom. I haven't
> tried, but I'm sure I could construct an application that would break
> if that feature is enabled.
Easily. It will wastefully drain the entropy pool of the system, with
potentially severe impact on any crypto with a legitimate need for
> > That's why I suggested a separate version of gcc as an option. Like
> > there are versions with and without ssl for many packages, there
> > could be a gcc version with and without stack protection. If you
> > think this not a good idea, I would agree to close the report.
> Anybody that wants to use this patch on a regular basis can already do
> so. Anybody who wants this package only rarely won't be helped much by
> a separate package, IMO. In a separate package, it would IMO increase
> the maintainance overhead, and prevent that remaining problems are
> I think the best use of this patch would be if someone would try to
> create a complete Debian distribution with the compiler, and run the
> it with to find problems in the existing packages. The set of problems
> found will also help in evaluating the patch. All you need is a lot of
> disk space and spare cycles.
I agree. There's very little point in adding this patch, especially to
a version of GCC we're trying to obsolete soon.
Daniel Jacobowitz Carnegie Mellon University
MontaVista Software Debian GNU/Linux Developer
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com