Re: Steve Kemp <skx@debian.org> Please check your Debian E-Mail.
On Tue, Aug 02, 2005 at 03:58:33PM -0400, Greg Folkert wrote:
> I was finally able to acquire an SSP Build Host for you.
> If you are still interest. Please contact me.
A bit quick off the mark there, Greg! I think I've replied to all
your previous mails within a day or two...?
Anyway for anybody else watching. This host is going to be used
for rebuilding Debian's Stable release, Sarge, with the SSP
compiler.
The SSP compiler is a patch against GCC and offers "Stack Smashing
Protection". In short it gives protection against buffer overflow
bugs, and attacks.
Whilst it doesn't protect a system in all cases, and other
avenues of exploitation are still available (eg, format string
attacks) it's a good means of hardening the system.
The big drawback with using SSP is that it is a compiler based
security system, so to use it all system binaries must be rebuilt.
The intention is *not* to create a new distribution, like
Adamantix[1]. I've neither the skill, intention, or the patience
to support a full distribution. Instead the goal is twofold:
1. See if there is any interest in supporting this in Debian.
2. See if it all actually works. (eg. #213994, #233208).
Steve
--
[1] http://www.adamantix.org/
- Last updated news page 2004-08-17
Reply to: