[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: binutils w PaX Vs binutils w SSP

On Fri, Jul 16, 2004 at 05:30:44PM +0200, Thomas Sj?gren wrote:

> PaX support in binutils and SSP compiled packages are two very nice 
> things to have. The problem at this moment is that you cant have
> both at the same time at this moment. 
> Using for example Steve Kemp's GCC w SSP[1], binutils comes compiled with
> SSP. If you then installs Petersen's binutils with PaX patch[2] Kemp's
> version of binutils gets uninstalled.

  Whilst I've not tried this it seems believable.  I guess to have them
 both would be a good idea, I will see if it's simple to do and if so
 I'll look at sharing a binary.

> This isn't odd, but it's pretty annoying because, imo, both PaX and SSP
> should be pretty much standard.

  Agreed.  Although it looks like SSP will not be part of GCC ever,
 instead `mudflap` will be used in GCC v3.5.  (I only learned of this
 today, and so far know little of it.  It seems to be a generalised 
 bounds checking patch - google has details but not enough for me to
 understand it yet).

> Setting up a third repository seemd kind of ridiculous only to provide
> these packages with both SSP and PaX, so is there any plans to coordinate this 
> kind of things and set up a centralized repository for patches like SSP
> and PaX?

  I've been looking for a host with the bandwidth and capacity to act
 as an SSP build machine for a while now.  I've had various offers but
 they have all sadly fallen through.

# The Debian Security Audit Project.

Attachment: pgpd5emaHgCpM.pgp
Description: PGP signature

Reply to: