Bug#233208: Patch effectiveness
As well as showing how well the compiler works for the i386 platform,
I have a list of all my recent DSAs and a comment on whether
the SSP compiler would have prevented exploitation.
The table can be found here:
http://shellcode.org/Advisories/
The short version is that 16 out of the previous 21 DSAs which I've
been responsible for would have become unexploitable had the relevant
packages been compiled with an SSP-enabled compiler.
I accept that the patch probably won't be enabled until it's been
tested more - but it's a catch-22 situation: most archs won't get more
testing until it's been enabled!
FWIW I believe enabling it, but having the protection default to off
is the correct solution. After sarge.
--
Steve
--
# Debian Security Audit Project
http://www.shellcode.org/Audit/