Han Boetes wrote:

Aleksander Adamowski <[EMAIL PROTECTED]> wrote:

How about adding ProPolice stack protection to stock Mandrake GCC?
For discussion, see this Mandrake Wiki topic:
<http://qa.mandrakesoft.com/twiki/bin/view/Main/ProPolice>

OpenBSD already did that.


I would also add perl, php and python to the list and would remove other non-server and non-suid client applications; otherwise it is better to apply stack protection to everything...


If not enabled by default this is a great idea. And then let's get W^X as well ;)



# Han

I've built our gcc RPM with stackprotector enabled some months ago (latest were gcc-3.3-2mdk(s) for cooker, and gcc-3.2.2-3mdk(s) for 9.1).

IMHO what this could replace is the %serverbuild macro, which
should have -fstack-protector enabled.

From benchmark (ssbench) I don't see any appreciable
slowdown, but it would be interesting to see some BIG benchmark
for instance to Apache or some mailer, to see the
effective impact. If someone has one or is willing to do
some intensive benchmark...

Bye.
Giuseppe.

Also, we have to be sure that such a patch doesn't have side effects
on applications. For instance, I've heard that mozilla as well as XFree86 weren't
compiling/working with stack-protector enabled.





