GccSsp
|
⇤ ← Revision 1 as of 2006-06-14 12:16:00
Size: 1268
Comment: initial spec
|
Size: 1266
Comment: fix formatting
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 39: | Line 39: |
| || postgresql-8.1 || ok on amd64/edgy, fail in sid/i386 due to obscure linking problem ||, | || postgresql-8.1 || ok on amd64/edgy, fail in sid/i386 due to obscure linking problem || |
Launchpad Entry: https://launchpad.net/distros/ubuntu/+spec/gcc-ssp
Created: 2006-06-14 by MartinPitt
Contributors: MartinPitt
Packages affected: many
Summary
gcc 4.1 comes with SSP now, which is a nice technology to mitigate exploitability of many buffer overflows. This greatly enhances security in the time between publication of a vulnerability and the USN.
Edgy is a good opportunity to try it out for some particular packages and provide a parallel test archive with SSP enabled by default, so that we can thoroughly test it. If all goes well, we should enable it by default in edgy+1.
Rationale
Use cases
Scope
Design
Implementation
Code
Data preservation and migration
Outstanding issues
BoF agenda and discussion
Field research
The following dapper packages have been tested with SSP enabled (built with gcc-4.1 and -fstack-protector under edgy):
perl |
ok |
python |
ok |
apache2 |
ok |
postgresql-8.1 |
ok on amd64/edgy, fail in sid/i386 due to obscure linking problem |
firefox |
FTBFS with gcc 4.1 |
GccSsp (last edited 2008-08-06 16:19:12 by localhost)