
Re: Stack-smashing protection



8% is a huge hit, by all means a module or an option, however I question its
need as "standard". I would not want it there unless I'm convinced it truly
offers protection from a quantifiable risk. I don't want to see the kernel go
the way of MS's kernel, one huge bloated mess.

Let's see some papers/justification for this item, it may not be needed in all
situations.

regards

Thing

On Sat, 07 Dec 2002 09:29, Albert Cervera Areny wrote:
> I've read in slashdot
> (http://bsd.slashdot.org/article.pl?sid=02/12/02/2035207) that openbsd has
> included stack-smashing protection using the ProPolice
> (http://www.trl.ibm.com/projects/security/ssp/) patch for GCC 3.2
>
> I think it would be a great idea to use this patch with debian too as soon
> as gcc becomes the compiler by default. Protecting the entire system from
> this kind of bugs would really be a great security step forward. Would
> somebody make some kind of statistics of how many of this year's bugs
> wouldn't have made the system vulnerable with this patch?
>
> Though there is about 8% performance overhead I think it is worth using
> this. And more now that gcc makes programs about 8% faster ;-)


