tech-pkg archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Improving security for pkgsrc
On Tue, Jul 21, 2015 at 09:34:16AM +0200, Marc Espie wrote:
> On Sun, Jul 19, 2015 at 12:05:06PM +0200, Martin Husemann wrote:
> > On Sun, Jul 19, 2015 at 01:23:35AM +0200, Pierre Pronchery wrote:
> > > Please tell me if I'm wrong, but I believe SSP is *not* enabled by
> > > default on NetBSD's base system, with any architecture - even in -current.
> >
> > It is enabled only in parts of the tree, since together with -Werror
> > it causes lots of fallout otherwise.
>
> ... and it takes lots of efforts to get ssp to work properly, especially
> with a compiler that has bugs.
This is not about code generation bugs. It is about the misdesign of GCC
to add (fatal with -Werror) warnings because it is too stupid to
instrument functions e.g. using alloca. Which doesn't even make sense,
as the canary cookie can be created just as well.
> from there, it's simpler to dismiss it as not being useful, rather than
> figure out where to go from there, right Joerg ?
*sigh* Have you bothered to read what I said at all? I never said it is
not useful. Just that it is much weaker than most believe it to be.
Joerg
Home |
Main Index |
Thread Index |
Old Index