8% is a huge hit, by all means a module or an option, however I question its 
need as "standard". I would not want it there unless Im convinced it truely 
offers protection from a quantifiable risk. I dont want to see the kernel go 
the way of MS's kernel ,one huge bloated mess.

Lets see some papers/justification for this item, it may not be needed in all 
situations. 

regards

Thing

On Sat, 07 Dec 2002 09:29, Albert Cervera Areny wrote:
> I've read in slashdot
> (http://bsd.slashdot.org/article.pl?sid=02/12/02/2035207) that openbsd has
> included stack-smashing protection using the ProPolice
> (http://www.trl.ibm.com/projects/security/ssp/) patch for GCC 3.2
>
> I think it would be a great idea to use this patch with debian too as soon
> as gcc becomes the compiler by default. Protecting the entire system from
> this kind of bugs would really be a great security step forward. Would
> somebody make some kind of statistics of how many of this year's bugs
> wouldn't have made the system vulnerable with this patch?
>
> Though there is about of 8% performane overhead I think it is worth using
> this. And more now that gcc makes programs about 8% faster ;-)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to