
Bug#233208: Request for stack protector enabled by default



Package: gcc-3.3
Version: 3.3.3-0pre4
Priority: wishlist

As Javier Fernandez-Sanguino Peña and David Alan Gilbert mention in
#213994 [1], it would be a good thing if the SSP patch in the GCC-package
would be enabled by default. This would, hopefully, make developers
compile packages with the -fstack-protector, or -fstack-protector-all,
option and thus increase the basic security of Debian.
The protector compile option has been tested successfully, for example:
1. The Adamantix distribution [2], based on Debian, which uses this option by
default, has recompiled many packages with this option without any real problems.
2. Hardened-Gentoo [3] uses this option as well.
3. The recompiled gcc package made available by Steve Kemp [4] works
without any problems on Debian stable and unstable and has been used to
compile both 2.4 and 2.6 vanilla kernels [5] and a number of different
packages and programs (Apache, the GCC-package itself, ...).

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=213994
[2] http://www.adamantix.org
[3] http://www.gentoo.org/proj/en/hardened/propolice.xml
[4] http://shellcode.org/Cat/packages.html
[5] http://www.northernsecurity.net/adamantix/

/Thomas
- -- 
== thomas@northernsecurity.net | thomas@se.linux.org
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
- --


