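Package: gcc-3.3
Version: 3.3.3-0pre4
Priority: wishlist

As Javier Fernandez-Sanguino Peña and David Alan Gilbert mention in #213994 [1], it would be a good thing if the SSP patch in the GCC-package would be enabled by default. This would, hopefully, make developers compile packages with the -fstack-protector, or -fstack-protector-all, option and thus increase the basic security of Debian.

The protector compile option has been tested successfully, for example:

1. The Adamantix distribution [2], based on Debian, which uses this option by default, has recompiled many packages with this option without any real problems.
2. Hardened-Gentoo [3] uses this option as well.
3. The recompiled gcc package made available by Steve Kemp [4] works without any problems on Debian stable and unstable and has been used to compile both 2.4 and 2.6 vanilla kernels [5] and a number of different packages and programs (Apache, the GCC-package itself, ...).

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=213994
[2] http://www.adamantix.org
[3] http://www.gentoo.org/proj/en/hardened/propolice.xml
[4] http://shellcode.org/Cat/packages.html
[5] http://www.northernsecurity.net/adamantix/

/Thomas

--
== [EMAIL PROTECTED] | [EMAIL PROTECTED] ==
Encrypted e-mails preferred | GPG KeyID: 114AA85C
--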
As Javier Fernandez-Sanguino Pen~a and David Alan Gilbert mentions in #213994 [1] it would be a good thing if the SSP patch in the GCC-package would be enabled by default. This would, hopefully, make developers compile packages with the -fstack-protector, or -fstack-protector-all, option and thus increase the basic security of Debian. The protector compile option has been tested successfully, for example: 1. The Adamantix distribution [2], based on Debian, which uses this option by default has recompiled many packages with this option without any real problemes. 2. Hardened-Gentoo [3] uses this option as well. 3. The recompiled gcc package made available by Steve Kemp [4] works without any problems on Debian stable and unstable and has been used to compile both 2.4 and 2.6 vanilla kernels [5] and a number of different packages and programs (Apache, the GCC-packege itself, ...). [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=213994 [2] http://www.adamantix.org [3] http://www.gentoo.org/proj/en/hardened/propolice.xml [4] http://shellcode.org/Cat/packages.html [5] http://www.northernsecurity.net/adamantix/ /Thomas - -- == [EMAIL PROTECTED] | [EMAIL PROTECTED] == Encrypted e-mails preferred | GPG KeyID: 114AA85C - -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iQEVAwUBQDIPjNXAsD67qPj1AQJ6lAf/SeM+y8WS/QbGCjOc2IxZv/klSQEjlFNI mxNjSwaHtavj2FRcyJFHX9G8Fdys9bqtjtmCbdmP2/yrJVUcEJlXv0lafY+asiBb 8tgvJobxGgdDkqp0jSvANgIf5Kl4r+dAzJOs7h35ER/3TDVk6pE9mY5zjKGi98fP HMJln7L0BpFbCMcyZh1VYKCIYjhKRn9tNv7anWpVr30cHvmzB5JZnotD4+N7BX58 /Ve9RBB6UuA9Rms0AAHIblDskpbPcdbRxZsN3M/2zcJrTt3lVQI2OH8qd+XuNMq9 9UYYpNGrKSHo/FsN2cG2Mc3kVVQYdprHF8OQ18NuUrEQHFw5RZ66dQ== =nmT3 -----END PGP SIGNATURE-----