From: Ned Ludd <solar@gentoo.org>
To: Ciaran McCreesh <ciaranm@gentoo.org>
Cc: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Stack smash protected daemons
Date: Wed, 22 Sep 2004 22:34:16 -0400 [thread overview]
Message-ID: <1095906856.15523.3014.camel@simple> (raw)
In-Reply-To: <20040923030852.72a2d02c@snowdrop.home>
[-- Attachment #1: Type: text/plain, Size: 1172 bytes --]
On Wed, 2004-09-22 at 22:08, Ciaran McCreesh wrote:
> On Wed, 22 Sep 2004 22:03:34 -0400 Ned Ludd <solar@gentoo.org> wrote:
> | > just to enable a hack
> |
> | What's this hack your now speaking of frequently?
>
> The hack is in trying to get the compiler to make broken code safe,
> rather than properly auditing code. SSP does not fix broken code, it's
> just duct tape.
shrug.. I guess that's one way to look at it.
If however you wanted to fix all the broken code you could use something
like the upcoming mudflap which would incur a much larger performance
hit, so much in fact that it can't even be considered for production
use. When it hits our tree I'll sacrifice one of machines on my lan for
the sole sake of trying to catch bugs and fixing them at the source
level.
btw ssp has thank fully has caught a fair number of potential overflows
(well real ones) that we have fixed :)
So on that note it's the damn gcc runtime duct tape I'm aware of that we
can start making use of immediately to reduce the overall risk factor.
--
Ned Ludd <solar@gentoo.org>
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2004-09-23 2:35 UTC|newest]
Thread overview: 98+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-09-22 15:54 [gentoo-dev] Stack smash protected daemons John Richard Moser
2004-09-22 16:04 ` Ciaran McCreesh
2004-09-22 17:06 ` Elfyn McBratney
2004-09-22 17:30 ` Marius Mauch
2004-09-22 21:13 ` John Richard Moser
2004-09-23 0:11 ` Ned Ludd
2004-09-23 0:27 ` Ciaran McCreesh
2004-09-23 0:38 ` Mike Frysinger
2004-09-23 0:42 ` Ciaran McCreesh
2004-09-23 2:40 ` Mike Frysinger
2004-09-23 14:47 ` Marius Mauch
2004-09-23 19:03 ` Mike Frysinger
2004-09-23 20:28 ` Ned Ludd
2004-09-23 20:35 ` Ciaran McCreesh
2004-09-23 20:53 ` Ned Ludd
2004-09-23 21:11 ` Ciaran McCreesh
2004-09-23 1:40 ` John Richard Moser
2004-09-23 1:55 ` Ciaran McCreesh
2004-09-23 2:24 ` John Richard Moser
2004-09-23 1:48 ` Dave Monnier
2004-09-23 2:03 ` Ned Ludd
2004-09-23 2:08 ` Ciaran McCreesh
2004-09-23 2:25 ` John Richard Moser
2004-09-23 2:34 ` Ned Ludd [this message]
2004-09-23 3:12 ` Mike Frysinger
2004-09-23 2:41 ` Colin Kingsley
2004-09-23 2:47 ` Mike Frysinger
2004-09-23 23:29 ` Daniel Goller
2004-09-24 0:28 ` Jason Stubbs
2004-09-25 16:32 ` Bart Lauwers
2004-09-23 1:41 ` Christian Birchinger
2004-09-23 23:27 ` Daniel Goller
2004-09-23 23:27 ` Ciaran McCreesh
2004-09-22 16:48 ` Rumen Yotov
2004-09-22 17:59 ` Lance Albertson
2004-09-22 21:35 ` John Richard Moser
2004-09-22 21:53 ` Mike Frysinger
2004-09-22 23:49 ` Ned Ludd
2004-09-22 23:17 ` Donnie Berkholz
2004-09-23 0:26 ` Mike Frysinger
2004-09-23 0:37 ` Marius Mauch
2004-09-23 1:51 ` John Richard Moser
2004-09-23 2:44 ` Mike Frysinger
2004-09-23 14:55 ` Marius Mauch
2004-09-23 20:10 ` Paul de Vrieze
2004-09-24 0:41 ` Jason Stubbs
2004-09-24 0:46 ` Jason Stubbs
2004-09-24 0:52 ` John Richard Moser
2004-09-24 1:55 ` Marius Mauch
2004-09-23 4:01 ` John Richard Moser
2004-09-23 4:06 ` John Richard Moser
2004-09-23 5:26 ` Ned Ludd
2004-09-23 5:32 ` Mike Frysinger
2004-09-23 8:31 ` [gentoo-dev] " Thierry Carrez
2004-09-23 14:05 ` Thierry Carrez
2004-09-23 16:27 ` Ciaran McCreesh
2004-09-23 17:45 ` John Richard Moser
2004-09-24 3:21 ` John Richard Moser
2004-09-24 6:02 ` Ned Ludd
2004-09-24 6:34 ` Colin Kingsley
2004-09-24 6:34 ` John Richard Moser
2004-09-24 7:23 ` Colin Kingsley
2004-09-24 11:41 ` Ciaran McCreesh
2004-09-24 12:42 ` Spider
2004-09-24 13:03 ` Colin Kingsley
2004-09-24 13:10 ` Ciaran McCreesh
2004-09-24 15:48 ` John Richard Moser
2004-09-24 19:00 ` Paul de Vrieze
2004-09-25 1:19 ` [gentoo-dev] " Duncan
2004-09-25 3:04 ` John Richard Moser
2004-09-25 10:55 ` [gentoo-dev] " Duncan
2004-09-23 17:27 ` [gentoo-dev] Re: [gentoo-security] " John Richard Moser
2004-09-25 17:26 ` [gentoo-dev] " Bart Lauwers
2004-09-25 17:35 ` Ciaran McCreesh
2004-09-25 21:42 ` Bart Lauwers
2004-09-25 22:29 ` Ciaran McCreesh
2004-09-25 23:46 ` Bart Lauwers
2004-09-25 23:54 ` Ciaran McCreesh
2004-09-27 8:02 ` Thierry Carrez
2004-09-26 0:18 ` Stephen P. Becker
2004-09-26 1:22 ` Jason Stubbs
2004-09-25 17:43 ` Rumen Yotov
2004-09-26 0:58 ` Jason Wever
2004-09-26 6:14 ` John Richard Moser
2004-09-26 13:04 ` Ciaran McCreesh
2004-09-26 16:22 ` John Richard Moser
2004-09-26 16:23 ` Ciaran McCreesh
2004-09-26 15:52 ` Stephen P. Becker
2004-09-26 16:18 ` John Richard Moser
2004-09-26 16:22 ` Ciaran McCreesh
2004-09-26 16:29 ` Stephen P. Becker
2004-09-26 16:11 ` Jason Wever
2004-09-26 16:41 ` John Richard Moser
2004-09-26 17:25 ` [gentoo-dev] Stack smash protected daemons [blah] Kumba
2004-09-26 6:39 ` [gentoo-dev] Stack smash protected daemons Rumen Yotov
2004-09-26 10:14 ` Colin Kingsley
2004-09-26 18:36 ` Jon Portnoy
2004-09-26 18:39 ` John Richard Moser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1095906856.15523.3014.camel@simple \
--to=solar@gentoo.org \
--cc=ciaranm@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox