| 1 |
On Wed, 2004-09-22 at 22:08, Ciaran McCreesh wrote: |
| 2 |
> On Wed, 22 Sep 2004 22:03:34 -0400 Ned Ludd <solar@g.o> wrote: |
| 3 |
> | > just to enable a hack |
| 4 |
> | |
| 5 |
> | What's this hack your now speaking of frequently? |
| 6 |
> |
| 7 |
> The hack is in trying to get the compiler to make broken code safe, |
| 8 |
> rather than properly auditing code. SSP does not fix broken code, it's |
| 9 |
> just duct tape. |
| 10 |
|
| 11 |
shrug.. I guess that's one way to look at it. |
| 12 |
|
| 13 |
If however you wanted to fix all the broken code you could use something |
| 14 |
like the upcoming mudflap which would incur a much larger performance |
| 15 |
hit, so much in fact that it can't even be considered for production |
| 16 |
use. When it hits our tree I'll sacrifice one of machines on my lan for |
| 17 |
the sole sake of trying to catch bugs and fixing them at the source |
| 18 |
level. |
| 19 |
|
| 20 |
btw ssp has thank fully has caught a fair number of potential overflows |
| 21 |
(well real ones) that we have fixed :) |
| 22 |
|
| 23 |
So on that note it's the damn gcc runtime duct tape I'm aware of that we |
| 24 |
can start making use of immediately to reduce the overall risk factor. |
| 25 |
|
| 26 |
-- |
| 27 |
Ned Ludd <solar@g.o> |
| 28 |
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer |
Archives