On Thu, Nov 12, 2009 at 07:19:55AM +0000, Mindaugas Rasiukevicius wrote:
> > Log Message:
> > Enable Stack Smash Protection (SSP) by default for NetBSD/amd64 and
> > NetBSD/i386 as previously discussed on the "port-amd64" and
> > "port-i386" mailing lists. No objections from the core team.
>
> My last impression from port-{i386|amd64} was that SSP wont be enabled.
The majority of people seemed to be in favour of the change.
> Point that it can find some bugs is reasonable, but then why not enable
> it for, let's say, DIAGNOSTIC option?
Because it is also a security feature. I can e.g. turn a remote root
exploit into a DoS which will at least keep your data safe.
Kind regards
--
Matthias Scheler http://zhadum.org.uk/
