Re: stack protection
On Thu, 21 Aug 2003 14:56, Brian May wrote:
> On Thu, Aug 21, 2003 at 12:57:06PM +1000, Russell Coker wrote:
> > Who is interested in stack protection?
> >
> > I think it would be good to have some experiments of stack protected
> > packages for Debian. Probably the best way to do this would be to start
> > with ssh-stack and sysklogd-stack being uploaded to experimental. I
> > don't have time to do this, but I would like to help test it.
>
> What stack protection are you talking about here?
>
> Any references?
Propolice sounds good:
http://www.trl.ibm.com/projects/security/ssp/
From the GCC changelog:
* Add the stack protector patch, but don't apply it by default. Edit
debian/rules.patch to apply it (closes: #171699, #189494).
It sounds like we need a propolice enabled GCC.
There are other stack protection mechanisms too, but propolice seems the most
popular. Some investigation would need to be done into the relative merits
of the various options (propolice has much better support apparently which
will be a major factor).
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: