Stack-Smash Protector

Bob Kimmel rkimmel at princeton.edu
Sun Sep 29 10:57:16 PDT 2002


> Anyone have any luck building glibc-2.2.5-2 with a
> stack-protection-enabled gcc 3.2?  It breaks on me in the early stages
> of compilation.
> 
> The stack protector is a gcc patch by Hiroaki Etoh (IBM) that causes gcc
> to insert stack protection code into binaries during compilation.  Check
> it out: http://www.trl.ibm.com/projects/security/ssp/
> 

I have no information on the question you are asking, but would
be interested in anyone's experience with this patch or any of
the competing products/patches.  The web site referenced above
has a link to some articles, in which this patch does fairly well
relative to some other software, but maybe this web site is biased :-)
What are opinions on this?  If I can live with a mild performance
degradation, is there any reason not to use this patch?  (Other than
failure to compile glibc-2.2.5-2 :-)) Is another piece of software
better?  Should such a patch be used when compiling the kernel?  (I'm
guessing "no", but not really sure.) Are there some pieces of software
that should be compiled with it, while others should be left alone? etc.
It looks like it is a command-line option, so it should be easy to
mix and match software if that is appropriate.

Thanks in advance.

BK

Bob Kimmel
Bendheim Center for Finance
Department of Economics
Princeton University
rkimmel at princeton.edu
