[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Steve Kemp <skx@debian.org> Please check your Debian E-Mail.

On Tue, Aug 02, 2005 at 03:58:33PM -0400, Greg Folkert wrote:

> I was finally able to acquire an SSP Build Host for you.
> If you are still interest. Please contact me.

  A bit quick off the mark there, Greg!  I think I've replied to all
 your previous mails within a day or two...?

  Anyway for anybody else watching.  This host is going to be used
 for rebuilding Debian's Stable release, Sarge, with the SSP
 compiler.

  The SSP compiler is a patch against GCC and offers "Stack Smashing
 Protection".  In short it gives protection against buffer overflow 
 bugs, and attacks.

  Whilst it doesn't protect a system in all cases, and other
 avenues of exploitation are still available (eg, format string
 attacks) it's a good means of hardening the system.

  The big drawback with using SSP is that it is a compiler based
 security system, so to use it all system binaries must be rebuilt.

  The intention is *not* to create a new distribution, like
 Adamantix[1].  I've neither the skill, intention, or the patience
 to support a full distribution.   Instead the goal is twofold:

   1.  See if there is any interest in supporting this in Debian.

   2.  See if it all actually works.  (eg.  #213994, #233208).

Steve
--
[1] http://www.adamantix.org/ 
    - Last updated news page 2004-08-17
Reply to: