| Summary: | GCC stack smashing protector for GCC | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | David Nielsen <Lovechild> |
| Component: | [OLD] Core system | Assignee: | Martin Schlemmer (RETIRED) <azarah> |
| Status: | RESOLVED FIXED | ||
| Severity: | enhancement | CC: | absinthe, ahbritto, security, vapier |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | x86 | ||
| OS: | Linux | ||
| URL: | http://www.trl.ibm.com/projects/security/ssp/ | ||
Description
David Nielsen
2003-01-09 18:34:58 UTC
Post 1.4 if we go for it.

Sure, that was what I figured; it's a bit too late in the release process to add such a massive and intrusive change, this was never meant to be a 1.4 request... but I see this as a nice feature for server security, it's of course not worth much on a desktop machine unless you have a bad case of paranoia :) I would like to contribute to the testing effort for this as well.

This is a Good Thing. I would suggest making this a different ebuild for testing (such as gcc-propolice)... then merge it over to the mainline gcc ebuilds once it's considered safe and is tested on all platforms (even if the cflag is not used). Right now the gcc 3.2.1 patch has been tested by the patch authors only on x86 and ppc.

I've also been testing this, and things are going quite well. This would definitely make a good addition to post 1.4 Gentoo. My results so far can be found at http://frogger974.homelinux.org/gentoo_propolice.html The most significant problems I've come across are portage breaking if glibc is built with stack protection, and portage breaking if it is built with stack protection itself. I'm hoping to track down these issues sometime soon.

This is in gcc-3.2.2-r3 being tested, etc. There are also changes to important packages (xfree), etc. to accommodate this. For info check out http://cvs.gentoo.org/~method

Closing this bug.