Re: PaX on Debian

Found a problem.

Russell Coker wrote:
| On Mon, 26 Jul 2004 02:57, John Richard Moser <nigelenki@comcast.net>
| We have recently discussed this on at least one of the lists you posted to.
| The end result of the discussion is that GCC is getting another SSP type
| technology known as "mudflap".  Mudflap depends on some major new features of
| GCC 3.5, so it looks like we won't be getting this until GCC 3.5 as the
| Debian GCC people don't want to merge in other patches which have no
| chance of being included upstream.

----cut----
| Upstream has already decided to support mudflap in GCC 3.5, which is
| even more far-reaching than SSP.

I'm not sure whether all users of SSP would be happy with mudflap as a
replacement. It has a different focus; it was designed as a debugging
tool. For example it probably incurs a much larger performance
overhead, since basically every pointer dereference goes through a
hash table.
----cut----


It's a high-overhead debugging tool?  I can understand this:  The GCC
team would be more concerned with helping you FIX security issues than
blocking them at exploit time.  It shouldn't interfere with ProPolice
anyway, I've been told, so you may want to go with SSP/ProPolice for
security reasons.  Either way, moving to mudflap is going to require a
full system recompile on your end, so what do you really lose?  :)

--
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.
