On Thu, Nov 12, 2009 at 07:19:55AM +, Mindaugas Rasiukevicius wrote:
> * 5% performance hit on build.sh is not really a small number to me.
I've disabled SSP again, the performance hit is gone.
We can therefore stop this fruitless discussion.
Kind regards
--
Matthias Scheler

On Thu, Nov 12, 2009 at 12:40:54PM +, Mindaugas Rasiukevicius wrote:
> Well, I do not really care about this type of philosophical security in the
> kernel, but by estimating the effect, I would say there is more cost than
> benefit - modern x86 machines have a PG_NX bit, which deals with this

On Thu, Nov 12, 2009 at 12:40:54PM +, Mindaugas Rasiukevicius wrote:
> benefit - modern x86 machines have a PG_NX bit, which deals with this matter
> in a much better way.
Non-executable stack only takes care of some types of stack smashing attacks;
the stack protector catches a lot more.
Mar

Matthias Scheler wrote:
> > Point that it can find some bugs is reasonable, but then why not enable
> > it for, let's say, DIAGNOSTIC option?
>
> Because it is also a security feature. I can e.g. turn a remote root
> exploit into a DoS which will at least keep your data safe.
>
Well, I do not r

On Thu, Nov 12, 2009 at 07:19:55AM +, Mindaugas Rasiukevicius wrote:
> > Log Message:
> > Enable Stack Smash Protection (SSP) by default for NetBSD/amd64 and
> > NetBSD/i386 as previously discussed on the "port-amd64" and
> > "port-i386" mailing lists. No objections from the core team.
>
> My

Hello,
> Module Name: src
> Committed By: tron
> Date: Wed Nov 11 16:35:45 UTC 2009
>
> Modified Files:
> src/share/mk: bsd.sys.mk bsd.x11.mk
>
> Log Message:
> Enable Stack Smash Protection (SSP) by default for NetBSD/amd64 and
> NetBSD/i386 as previously discussed on the