GccSsp

Differences between revisions 6 and 7
Revision 6 as of 2006-06-15 12:24:59
Size: 1366
Editor: 195
Comment: update
Revision 7 as of 2006-06-15 17:01:51
Size: 1350
Editor: 195
Comment: update status
Deletions are marked like this. Additions are marked like this.
Line 42: Line 42:
|| mysql-dfsg-5.0 || FTBFS with gcc 4.1 || || mysql-dfsg-5.0 || ok ||

Summary

gcc 4.1 comes with SSP now, which is a nice technology to mitigate exploitability of many buffer overflows. This greatly enhances security in the time between publication of a vulnerability and the USN.

Edgy is a good opportunity to try it out for some particular packages and provide a parallel test archive with SSP enabled by default, so that we can thoroughly test it. If all goes well, we should enable it by default in edgy+1.

Rationale

Use cases

Scope

Design

Implementation

Code

Data preservation and migration

Outstanding issues

BoF agenda and discussion

Field research

The following dapper packages have been tested with SSP enabled (built with gcc-4.1 and -fstack-protector under edgy):

perl

ok

python

ok

apache2

ok

php5

ok

postgresql-8.1

ok on edgy, fail in sid due to linking problem

firefox

ok

mysql-dfsg-5.0

ok

glib2.0

ok

gtk+2.0

ok

glibc

FTBFS with SSP

CategorySpec

GccSsp (last edited 2008-08-06 16:19:12 by localhost)