From: "Jeff Palmer"
Subject: Re: GCC stack-smashing extension
Date: Mon, 7 Jan 2002 11:06:54 -0500

While I have never personally used this patch, my advice would be:

Don't depend on a compiler-based security implementation in your code. Code with security in mind from the ground up.

What happens if you get used to your compiler adding in all the checks and balances, and then for some reason you are forced to use a standard compiler for something?

Don't let a compiler allow you to lower your standards. Don't let it make you lazy. And most of all, don't let it teach you bad habits (Microsoft's MFC for vc++ comes to mind here on the bad habits example).

Just my two cents..
I'd rather stick with a default GCC, and use better/smarter coding practices on my machines :-)

----- Original Message -----
From: "D J Hawkey Jr"
To: "security at FreeBSD"
Sent: Monday, January 07, 2002 10:19 AM
Subject: GCC stack-smashing extension

> Hey, all,
>
> I recently stumbled across the web page for the GCC stack-smashing
> extension (http://www.trl.ibm.com/projects/security/ssp/):
>
> - Anyone have any experience with it, good, bad, or otherwise?
> - Any reason why I wouldn't want this?
> - Any plans to merge it into the FreeBSD-distributed GCC?
>
> Thanks,
> Dave
>
> --
> ______________________ ______________________
> \__________________ \ D. J. HAWKEY JR. / __________________/
> \________________/\ hawkeyd@visi.com /\________________/
> http://www.visi.com/~hawkeyd/
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message