Bug#149463: There should be a gcc version with stack protection patch



Hello,
> > I think there should be a gcc version with stack protection patch
> > included. The patch was sent in the gcc patches mailing list. Perhaps a
> > single version is enough, as the patch can be (completely ?) disabled.
> Please include a pointer to the patch, and explain why you think it
> should be included.
Sorry, I thought you knew of the patch.

Here the pointers:
Project Homepage: http://www.trl.ibm.com/projects/security/ssp/
Patch for gcc 2.95.3: 
http://www.trl.ibm.com/projects/security/ssp/gcc2_95_3/protector-2.95.3-9.tar.gz
Link to the announcement on gcc-patches: 
http://gcc.gnu.org/ml/gcc-patches/2001-06/msg01753.html

Now why. The patch adds an option to gcc, which can optionally be made 
default, which adds some protection code to every C program it compiles. 
Also, it does some variable reordering to prevent pointers from being overridden 
by buffer overflows. The author says that he bootstrapped gcc on some 
architectures and some people are using a rebuilt FreeBSD 4.3 and a RedHat 6.2 
without trouble. The exact architectures are mentioned in the announcement.
With this patch, many buffer overflows can be detected. When this happens, the 
programs are terminated and a message to syslog is generated. On the homepage 
is a description of how exactly the patch works.
I think this patch would lead to a more secure Debian Linux. When there are 
different versions of gcc with and without the patch or the patch is simply 
disabled by default, there should be no problems. And now that testing is 
frozen, it should be a good time to include this patch.

With kind regards
	Torsten Knodt
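A simplified model of the two mechanisms the message above describes (a guard check on function exit and reordering so pointers sit out of an overflowing buffer's path), added here as an example and not taken from the patch or the e-mail. The byte-array frame layout, the guard value and the helper `run` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Model of a stack frame as one byte array, so writing past the "buffer"
 * stays inside the array and is well-defined for this demonstration. */
enum { BUF = 8, SLOT = 8, FRAME = 24 };

/* Constructed guard value; it contains bytes that string copies stop at. */
static const unsigned char GUARD[SLOT] = {0x00, 0x0a, 0xff, 0x0d, 'G', 'R', 'D', '!'};
static const unsigned char PTR_VAL[SLOT] = {0xde, 0xad, 0xbe, 0xef, 1, 2, 3, 4};

struct result { int detected; int ptr_intact; };

/* run() is a hypothetical helper: it writes n bytes into an 8-byte buffer.
 * protect == 0: layout [buf][ptr], no guard.
 * protect == 1: layout [ptr][buf][guard], pointer moved below the buffer. */
static struct result run(int protect, size_t n)
{
    unsigned char frame[FRAME] = {0};
    size_t ptr_off = protect ? 0 : BUF;
    size_t buf_off = protect ? SLOT : 0;
    size_t guard_off = buf_off + BUF;           /* used only when protect != 0 */
    struct result r;

    memcpy(frame + ptr_off, PTR_VAL, SLOT);
    if (protect)
        memcpy(frame + guard_off, GUARD, SLOT); /* function entry: set guard */

    if (n > FRAME - buf_off)                    /* keep the model in bounds */
        n = FRAME - buf_off;
    memset(frame + buf_off, 'A', n);            /* the unchecked copy */

    /* function exit: compare the guard; the real patch terminates the
     * program and logs to syslog at this point instead of returning a flag */
    r.detected = protect && memcmp(frame + guard_off, GUARD, SLOT) != 0;
    r.ptr_intact = memcmp(frame + ptr_off, PTR_VAL, SLOT) == 0;
    return r;
}

int main(void)
{
    for (int protect = 0; protect <= 1; protect++) {
        struct result r = run(protect, 12);     /* 4 bytes too many */
        printf("protect=%d detected=%d ptr_intact=%d\n",
               protect, r.detected, r.ptr_intact);
    }
    return 0;
}
```

With a 12-byte write, the unprotected layout loses the pointer silently, while the protected layout flags the damaged guard and leaves the pointer untouched.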