new ssp patch sysctl-erandom (was Re: book)

Robert Connolly robert at
Wed Apr 21 14:58:27 PDT 2004

The ssp patch for glibc needs more tweaking yet. If you want to look at the 
gcc/libgcc2.c hunk of gcc-3.3.3-ssp-1.patch (or from IBM), it's the function 
that was moved to glibc. Whoever made the original glibc ssp patch didn't 
notice stuff like HAVE_SYSLOG is not defined during a glibc build, while it 
is defined for gcc. So this led to broken functionality. The last patch I 
made (for frandom) removed these #ifdefs since we all use syslog. Same goes 
for _POSIX_SOURCE which includes signal.h, which is always needed because 
that includes our kill() function. These issues are fixed. There are a couple 
more vague things to fix. Sysctl can be invoked two different ways; I would 
like to find out the practical difference between sysctl() and __sysctl(). 
Other issues are mainly coding style (code logic). I am trying to work this 
out with gentoo-hardened on their list so we can share ideas and hopefully 
use the same new patch.

