Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 7 Jan 2002 11:06:54 -0500
From:      "Jeff Palmer" <scorpio@drkshdw.org>
To:        <hawkeyd@visi.com>, <security@freebsd.org>
Subject:   Re: GCC stack-smashing extension
Message-ID:  <001401c19795$535dc4e0$0286a8c0@jeff>
References:  <20020107091948.A4096@sheol.localdomain>

next in thread | previous in thread | raw e-mail | index | archive | help
While I have never personally used this patch,   my advice would be:

Don't depend on a compiler based security implementation in your code.
Code with security in mind from the ground up.

What happens if you get used to your compiler adding in all the checks and
balances,  and then for some reason you are forced to use a standard
compiler for something?

Don't let a compiler allow you to lower your standards.  Don't let it make
you lazy.  And most of all,  don't let it teach you bad habits  (Microsofts
MFC for vc++ comes to mind here on the bad habits example)

Just my two cents..  I'd rather stick with a default GCC,
and use better/smarter coding practices on my machines :-)


----- Original Message -----
From: "D J Hawkey Jr" <hawkeyd@visi.com>
To: "security at FreeBSD" <freebsd-security@freebsd.org>
Sent: Monday, January 07, 2002 10:19 AM
Subject: GCC stack-smashing extension


> Hey, all,
>
> I recently stumbled across the web page for the GCC stack-smashing
> extension (http://www.trl.ibm.com/projects/security/ssp/):
>
>   - Anyone have any experience with it, good, bad, or otherwise?
>   - Any reason why I wouldn't want this?
>   - Any plans to merge it into the FreeBSD-distributed GCC?
>
> Thanks,
> Dave
>
> --
>   ______________________                         ______________________
>   \__________________   \    D. J. HAWKEY JR.   /   __________________/
>      \________________/\     hawkeyd@visi.com    /\________________/
>                       http://www.visi.com/~hawkeyd/
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001401c19795$535dc4e0$0286a8c0>