
Re: Bug#149463: There should be a gcc version with stack protection patch



Torsten Knodt <tk-debian@datas-world.de> writes:

> That's not what I wanted to do. I think IBM and the other big users
> of this patch, will do this themselves. But I think in the meantime
> it would be a win to Debian. Yes, it's mostly not a good idea to
> have features patches in the debian diff, but this would give
> security and, when I'm not wrong, wouldn't not make the compiled
> programs incompatible to normal programs.

It probably would, because of the access to /dev/urandom. I haven't
tried, but I'm sure I could construct an application that would break
if that feature is enabled.

> That's why I suggested a separate version of gcc as an option. Like
> there are versions with and without ssl for many packages, there
> could be a gcc version with and without stack protection. If you
> think this not a good idea, I would agree to close the report.

Anybody that wants to use this patch on a regular basis can already do
so. Anybody who wants this package only rarely won't be helped much by
a separate package, IMO. In a separate package, it would IMO increase
the maintenance overhead, and prevent remaining problems from being
found.

I think the best use of this patch would be if someone would try to
create a complete Debian distribution with the compiler, and run the
it with to find problems in the existing packages. The set of problems
found will also help in evaluating the patch. All you need is a lot of
disk space and spare cycles.

Regards,
Martin

