Hello,

> > I think there should be a gcc version with stack protection patch
> > included. The patch was sent in the gcc patches mailing list. Perhaps a
> > single version is enough, as the patch can be (completely?) disabled.
> Please include a pointer to the patch, and explain why you think it
> should be included.

Sorry, I thought you knew of the patch.
Here are the pointers:

Project Homepage:
http://www.trl.ibm.com/projects/security/ssp/

Patch for gcc 2.95.3:
http://www.trl.ibm.com/projects/security/ssp/gcc2_95_3/protector-2.95.3-9.tar.gz

Link to the announcement on gcc-patches:
http://gcc.gnu.org/ml/gcc-patches/2001-06/msg01753.html

Now why. The patch adds an option to gcc, which can optionally be made default, which adds some protection code to every C program it compiles. Also, it does some variable reordering to prevent pointers from being overridden by buffer overflows.

The author says that he bootstrapped gcc on some architectures and some people are using a rebuilt FreeBSD 4.3 and a RedHat 6.2 without trouble. The exact architectures are mentioned in the announcement.

With this patch, many buffer overflows can be detected. When this happens, the programs are terminated and a message to syslog is generated. On the homepage is a description of how exactly the patch works.

I think this patch would lead to a more secure Debian Linux. When there are different versions of gcc with and without the patch, or the patch is simply disabled by default, there should be no problems. And now that testing is frozen, it should be a good time to include this patch.

With kind regards
Torsten Knodt
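
The two mechanisms the message describes (a guard checked before the function returns, and reordering so pointers sit out of reach of an overflowing buffer) can be modelled as follows. This is an added example, not code from the patch or from the original post: the frame is simulated as a byte array, and the layout, the `GUARD` value and all function names are assumptions made for illustration. Where the real patch terminates the program and logs to syslog, this model only returns a flag.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 8
#define GUARD   0xA5C3F00DU   /* constructed value; a real guard is chosen at run time */

/* Simulated stack frame as plain bytes, so the overlong copy stays inside
   this array and the demo itself has no undefined behaviour. */
struct frame {
    unsigned char bytes[32];
    size_t buf_off, ptr_off, guard_off;   /* guard_off == 0 means no guard */
};

static void put32(struct frame *f, size_t off, uint32_t v) { memcpy(f->bytes + off, &v, 4); }
static uint32_t get32(const struct frame *f, size_t off) { uint32_t v; memcpy(&v, f->bytes + off, 4); return v; }

/* Unprotected layout: [buf][pointer], so writes past buf reach the pointer. */
static struct frame plain_frame(uint32_t ptr) {
    struct frame f = { {0}, 0, BUF_LEN, 0 };
    put32(&f, f.ptr_off, ptr);
    return f;
}

/* Protected layout: [pointer][buf][guard], pointer moved below buf, guard above it. */
static struct frame guarded_frame(uint32_t ptr) {
    struct frame f = { {0}, 4, 0, 4 + BUF_LEN };
    put32(&f, f.ptr_off, ptr);
    put32(&f, f.guard_off, GUARD);
    return f;
}

/* Unchecked copy into buf (the bug), then the epilogue check.
   Returns 1 if the guard was found damaged, 0 otherwise. */
static int copy_and_check(struct frame *f, const unsigned char *src, size_t n) {
    if (n > sizeof f->bytes - f->buf_off) n = sizeof f->bytes - f->buf_off; /* keep demo in bounds */
    memcpy(f->bytes + f->buf_off, src, n);
    return f->guard_off != 0 && get32(f, f->guard_off) != GUARD;
}
static uint32_t frame_ptr(const struct frame *f) { return get32(f, f->ptr_off); }

int main(void) {
    unsigned char input[12];
    memset(input, 'A', sizeof input);   /* constructed 12-byte input for an 8-byte buffer */
    struct frame p = plain_frame(0x1000), g = guarded_frame(0x1000);
    printf("plain:   detected=%d ptr=%#x\n", copy_and_check(&p, input, sizeof input), (unsigned)frame_ptr(&p));
    printf("guarded: detected=%d ptr=%#x\n", copy_and_check(&g, input, sizeof input), (unsigned)frame_ptr(&g));
    return 0;
}
```

In the plain layout the overlong copy silently replaces the pointer; in the guarded layout the pointer keeps its value and the damaged guard is reported.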