Re: security enhanced debian branch?
On Thu, Dec 18, 2003 at 09:41:28AM -0800, Matt Zimmerman wrote:
> For cases where the added functionality is provided by additional packages,
> this is easy. However, some of the things which are being experimented with
> include compiler patches to produce binaries which make certain types of
> exploits more difficult, and that kind of thing is not easy to merge into
> Debian proper.
I am working on the compiler patches and it is my intention to rebuild
and distribute a lot of the core packages to ensure they continue to
work correctly.
I am not currently sure whether gcc-3.3 can be used to compile woody
kernels, but apart from that the packages for which I foresee problems
as being most likely include:
X
perl
libc
If I can get those built and tested then I'd be confident to
recommend the SSP patches be enabled globally in unstable - at that
point my work will be done.
Even compiling most of the stable distribution will not prove that
things are "safe", I guess we only know if we enable it and see what
happens on non-x86 platforms, something I'm not really able to test
directly.
.. and I may find the time to work with some of the interesting kernel
packages, or go back to doing source auditing.
Steve
--