
Re: Bug#149463: There should be a gcc version with stack protection patch



Hello Daniel,
> > Torsten Knodt <tk-debian@datas-world.de> writes:
> > > That's not what I wanted to do. I think IBM and the other big users
> > > of this patch, will do this themselves. But I think in the meantime
> > > it would be a win to Debian. Yes, it's mostly not a good idea to
> > > have features patches in the debian diff, but this would give
> > > security and, when I'm not wrong, wouldn't not make the compiled
> > > programs incompatible to normal programs.
> > It probably would, because of the access to /dev/urandom. I haven't
> > tried, but I'm sure I could construct an application that would break
> > if that feature is enabled.
> Easily.  It will wastefully drain the entropy pool of the system, with
> potentially severe impact on any crypto with a legitimate need for
> entropy.
Right, that's something I didn't think of.

> > > That's why I suggested a separate version of gcc as an option. Like
> > > there are versions with and without ssl for many packages, there
> > > could be a gcc version with and without stack protection. If you
> > > think this not a good idea, I would agree to close the report.
> > Anybody that wants to use this patch on a regular basis can already do
> > so. Anybody who wants this package only rarely won't be helped much by
> > a separate package, IMO. In a separate package, it would IMO increase
> > the maintenance overhead, and prevent that remaining problems are
> > found.
> > I think the best use of this patch would be if someone would try to
> > create a complete Debian distribution with the compiler, and run the
> > it with to find problems in the existing packages. The set of problems
> > found will also help in evaluating the patch. All you need is a lot of
> > disk space and spare cycles.
> I agree.  There's very little point in adding this patch, especially to
> a version of GCC we're trying to obsolete soon.
This patch is also available for newer versions. I filed it against 2.95,
because of actual interest. I'd like to use it with a package I've created 
(waiting for ftp-master), which only compiles with 2.95 until now.

With kind regards
	Torsten Knodt

