As well as showing how well the compiler works for the i386 platform
 I have a list of all the my recent DSA's and a comment on whether
 the SSP compiler would have prevented exploitation.

  The table can be found here:

        http://shellcode.org/Advisories/

  The short version is that 16 out of the previous 21 DSA's which I've
 been responsible for would have become unexploitable had the relevent
 packages been compiled with an SSP-enabled compiler.

  I accept that the patch probably won't be enabled until it's been
 tested more - but it's a catch 22 situation, most archs won't get more
 testing until it's been enabled!

  FWIW I believe enabling it, but having the protection default to off
 is the correct solution.  After sarge.

-- 
Steve
--
# Debian Security Audit Project
http://www.shellcode.org/Audit/



Reply via email to