
Re: Bug#149463: There should be a gcc version with stack protection patch



On Sun, Jun 09, 2002 at 10:40:11PM +0200, Martin v. Loewis wrote:
> Torsten Knodt <tk-debian@datas-world.de> writes:
> 
> > That's not what I wanted to do. I think IBM and the other big users
> > of this patch, will do this themselves. But I think in the meantime
> > it would be a win to Debian. Yes, it's mostly not a good idea to
> > have feature patches in the Debian diff, but this would give
> > security and, when I'm not wrong, wouldn't not make the compiled
> > programs incompatible to normal programs.
> 
> It probably would, because of the access to /dev/urandom. I haven't
> tried, but I'm sure I could construct an application that would break
> if that feature is enabled.

Easily.  It will wastefully drain the entropy pool of the system, with
potentially severe impact on any crypto with a legitimate need for
entropy.

> > That's why I suggested a separate version of gcc as an option. Like
> > there are versions with and without ssl for many packages, there
> > could be a gcc version with and without stack protection. If you
> > think this not a good idea, I would agree to close the report.
> 
> Anybody that wants to use this patch on a regular basis can already do
> so. Anybody who wants this package only rarely won't be helped much by
> a separate package, IMO. In a separate package, it would IMO increase
> the maintenance overhead, and prevent that remaining problems are
> found.
> 
> I think the best use of this patch would be if someone would try to
> create a complete Debian distribution with the compiler, and run the
> it with to find problems in the existing packages. The set of problems
> found will also help in evaluating the patch. All you need is a lot of
> disk space and spare cycles.

I agree.  There's very little point in adding this patch, especially to
a version of GCC we're trying to obsolete soon.

-- 
Daniel Jacobowitz                           Carnegie Mellon University
MontaVista Software                         Debian GNU/Linux Developer

