As well as showing how well the compiler works for the i386 platform, I have a list of all of my recent DSAs and a comment on whether the SSP compiler would have prevented exploitation.
The table can be found here: http://shellcode.org/Advisories/

The short version is that 16 out of the previous 21 DSAs which I've been responsible for would have become unexploitable had the relevant packages been compiled with an SSP-enabled compiler.

I accept that the patch probably won't be enabled until it's been tested more - but it's a catch-22 situation: most archs won't get more testing until it's been enabled!

FWIW I believe enabling it, but having the protection default to off, is the correct solution. After sarge.

Steve
--
# Debian Security Audit Project
http://www.shellcode.org/Audit/