Re: Subject: CVS commit: src/share/mk

To: Mindaugas Rasiukevicius <rmind%netbsd.org@localhost>
Subject: Re: Subject: CVS commit: src/share/mk
From: Matthias Scheler <tron%netbsd.org@localhost>
Date: Thu, 12 Nov 2009 07:55:32 +0000

On Thu, Nov 12, 2009 at 07:19:55AM +0000, Mindaugas Rasiukevicius wrote:
> > Log Message:
> > Enable Stack Smash Protection (SSP) by default for NetBSD/amd64 and
> > NetBSD/i386 as previously discussed on the "port-amd64" and
> > "port-i386" mailing lists. No objections from the core team.
> 
> My last impression from port-{i386|amd64} was that SSP wont be enabled.

The majority of people seemed to be in favour of the change.

> Point that it can find some bugs is reasonable, but then why not enable
> it for, let's say, DIAGNOSTIC option?

Because it is also a security feature. I can e.g. turn a remote root
exploit into a DoS which will at least keep your data safe.

        Kind regards

-- 
Matthias Scheler                                  http://zhadum.org.uk/

Follow-Ups:
- Re: Subject: CVS commit: src/share/mk
  - From: Mindaugas Rasiukevicius

References:
- Re: Subject: CVS commit: src/share/mk
  - From: Mindaugas Rasiukevicius

Prev by Date: Re: Subject: CVS commit: src/share/mk
Next by Date: Re: Subject: CVS commit: src/share/mk
Previous by Thread: Re: Subject: CVS commit: src/share/mk
Next by Thread: Re: Subject: CVS commit: src/share/mk
Indexes:

Home | Main Index | Thread Index | Old Index