On Sun, Dec 04, 2005 at 02:25:07PM -0800, Bill Wohler wrote: > Package: security.debian.org > Severity: wishlist
This is an inappropriate package to report this bug against, I'd suggest at least using GCC. > They mentioned StackGuard, ProPolice, StackShield, and RAD (Return > Address Defender) for the compiler and libsafe (already a Debian package > in sid) for the OS. Some of these have been discussed on Debian lists > already. > > I have no idea how these tools might be incorporated into Debian, but I > think it would be a Good Thing if every program were protected by them. > It would make our systems safer, and would be great for Debian > marketing. I concur. I've made Sarge packages of SSP available here: http://people.debian.org/~skx/ssp.html Two relevent bugs reports you should read are: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=213994 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=233208 These were relating to the addition of compiler protection in GCC. When GCC v4.1 comes out it will have one. The next step is of course to enable it and use it on the buildds - whether that happens or not will be an interesting situation; I'd be very pleased if it did but either way security.debian.org isn't the right place to discuss it. I'd suggest the debian-security mailing list as a good target for discussion.. -- Steve -- # The Debian Security Audit Project. http://www.debian.org/security/audit -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]