[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Stack-smashing protection

8% is a huge hit, by all means a module or an option, however I question its 
need as "standard". I would not want it there unless Im convinced it truely 
offers protection from a quantifiable risk. I dont want to see the kernel go 
the way of MS's kernel ,one huge bloated mess.

Lets see some papers/justification for this item, it may not be needed in all 



On Sat, 07 Dec 2002 09:29, Albert Cervera Areny wrote:
> I've read in slashdot
> (http://bsd.slashdot.org/article.pl?sid=02/12/02/2035207) that openbsd has
> included stack-smashing protection using the ProPolice
> (http://www.trl.ibm.com/projects/security/ssp/) patch for GCC 3.2
> I think it would be a great idea to use this patch with debian too as soon
> as gcc becomes the compiler by default. Protecting the entire system from
> this kind of bugs would really be a great security step forward. Would
> somebody make some kind of statistics of how many of this year's bugs
> wouldn't have made the system vulnerable with this patch?
> Though there is about of 8% performane overhead I think it is worth using
> this. And more now that gcc makes programs about 8% faster ;-)

Reply to: