On Sun, Dec 04, 2005 at 02:25:07PM -0800, Bill Wohler wrote:
> Package: security.debian.org
> Severity: wishlist
This is an inappropriate package to report this bug against,
I'd suggest at least using GCC.
> They mentioned StackGuard, ProPolice, StackShield, and RAD (Return
> Address Defender) for the compiler and libsafe (already a Debian package
> in sid) for the OS. Some of these have been discussed on Debian lists
> already.
>
> I have no idea how these tools might be incorporated into Debian, but I
> think it would be a Good Thing if every program were protected by them.
> It would make our systems safer, and would be great for Debian
> marketing.
I concur. I've made Sarge packages of SSP available here:
http://people.debian.org/~skx/ssp.html
Two relevant bug reports you should read are:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=213994
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=233208
These were relating to the addition of compiler protection in
GCC. When GCC v4.1 comes out it will have one.
The next step is of course to enable it and use it on the
buildds - whether that happens or not will be an interesting
situation; I'd be very pleased if it did but either way
security.debian.org isn't the right place to discuss it.
I'd suggest the debian-security mailing list as a good
target for discussion.
--
Steve
--
# The Debian Security Audit Project.
http://www.debian.org/security/audit