On Fri, 2002-12-06 at 18:29, Albert Cervera Areny wrote:
> I've read in slashdot
> (http://bsd.slashdot.org/article.pl?sid=02/12/02/2035207) that openbsd has
> included stack-smashing protection using the ProPolice
> (http://www.trl.ibm.com/projects/security/ssp/) patch for GCC 3.2
>
> I think it would be a great idea to use this patch with debian too as soon as
> gcc becomes the compiler by default. Protecting the entire system from this
> kind of bugs would really be a great security step forward. Would somebody
> make some kind of statistics of how many of this year's bugs wouldn't have
> made the system vulnerable with this patch?
>
> Though there is about 8% performance overhead I think it is worth using
> this. And more now that gcc makes programs about 8% faster ;-)

Hi,

We are running more architectures than the OpenBSD project, with more and more packages. The overhead cost (8%) sounds good to me, but what about the cost to rebuild the entire archive? And if I need one package without the protection? Will we keep two archives? Debian can't; it's obviously a bad idea.

But if anyone can rebuild the entire Woody for i386 with propolice, stackguard or anything like that, good too!

I guess that Debian can support one more kernel flavor; it's so easy. You can see the previously commented patch called grsecurity; it has PaX and more interesting features to enhance security without rebuilding the entire system.

Comments here?

cya,
Gustavo Franco -- <[EMAIL PROTECTED]>