Re: StackGuard

To: Brock Rozen <brozen@torah.org>
Cc: Debian Policy List <debian-policy@lists.debian.org>
Subject: Re: StackGuard
From: John Goerzen <jgoerzen@complete.org>
Date: 04 May 1999 08:36:31 -0500
Message-id: <87u2tt2bz4.fsf@erwin.complete.org>
In-reply-to: Brock Rozen's message of "Tue, 4 May 1999 15:54:18 +0300 (IDT)"
References: <Pine.LNX.4.10.9905041551580.24328-100000@rina.torah.org>

Brock Rozen <brozen@torah.org> writes:

> What are people's thoughts on requiring software to be compiled with
> StackGuard?

Well, to start with, StackGuard is of only limited usefulness against
a small subset of possible security problems.  Further, these
particular problems are ones that have been under the microscope for
some time and we are seeing them with decreased frequency as a whole.

Further, only a small part of the software in Debian would benefit
from it.  non-x86 architectures would probably not benefit at all (can 
you even compile with StackGuard there?)

I would say that if we are going to be putting effort into something,
that the effort be put into code audit instead of StackGuard.  That
would be more likely to find and fix problems, and would not be so
restricted in scope.

-- 
John Goerzen   Linux, Unix consulting & programming   jgoerzen@complete.org |
Developer, Debian GNU/Linux (Free powerful OS upgrade)       www.debian.org |
----------------------------------------------------------------------------+
The 135,949th digit of pi is 3.

Reply to:

References:
- StackGuard
  - From: Brock Rozen <brozen@torah.org>

Prev by Date: StackGuard
Next by Date: Re: Software in main that is throughly useless without non-free software
Previous by thread: StackGuard
Next by thread: PROPOSAL: libtool archive (`*.la) files in `-dev' packages
Index(es):
- Date
- Thread