Re: security enhanced debian branch?

On Thu, Dec 18, 2003 at 09:41:28AM -0800, Matt Zimmerman wrote:

> For cases where the added functionality is provided by additional packages,
> this is easy.  However, some of the things which are being experimented with
> include compiler patches to produce binaries which make certain types of
> exploits more difficult, and that kind of thing is not easy to merge into
> Debian proper.

  I am working on the compiler patches and it is my intention to rebuild
 and distribute a lot of the core packages to ensure they continue to
 work correctly.

  I am not currently sure whether gcc-3.3 can be used to compile woody
 kernels, but apart from that the packages for which I foresee problems
 as being most likely include:


  If I can get those built and tested then I'd be confident to
 recommend the SSP patches be enabled globally in unstable - at that
 point my work will be done.

  Even compiling most of the stable distribution will not prove that
 things are "safe", I guess we only know if we enable it and see what
 happens on non-x86 platforms, something I'm not really able to test

  .. and I may find the time to work with some of the interesting kernel
 packages, or go back to doing source auditing.


