
Re: Switch on compiler hardening defaults



On Sun, Oct 25, 2009 at 11:55:25AM -0700, Kees Cook wrote:
> Arguments against:
>     - makes the compiler's behavior different than stock compiler.
>         Rebuttal: honestly, I don't care -- it seems like such a
>                   huge win for safety and is easy to debug.  Debian
>                   already carries plenty of patches anyway -- there
>                   is no such thing as the "stock compiler".
>     - makes more work for dealing with warnings.
>         Rebuttal: those warnings are there for a reason -- they can
>                   be real security issues, and should be fixed.
>     - lacks documentation.
>         Rebuttal: that may have been true a while ago, but I've worked
>                   hard to document the features and how to handle
>                   problems.  See [2].  Even the gcc man pages are patched.
>     - makes running Debian slower.
>         Rebuttal: no, nothing supports this.  The bulk of _FORTIFY_SOURCE
>                   is compile-time.  Run-time checks, including those from
>                   -fstack-protector are just not measurable.  The burden of
>                   evidence for anyone claiming this is on them.  I'm not
>                   suggesting we turn on PIE; that option can be a problem.

- breaks debugging with gdb.  See
  <1256300822.13273.39.camel@fsopti579.F-Secure.com> on this list and #346409.
  You provided a patch for #346409, but there appear to be issues with it as
  noted in the bug log.

-- 
James
GPG Key: 1024D/61326D40 2003-09-02 James Vega <jamessan@debian.org>
