1 |
On Wed, 2004-09-22 at 22:08, Ciaran McCreesh wrote: |
2 |
> On Wed, 22 Sep 2004 22:03:34 -0400 Ned Ludd <solar@g.o> wrote: |
3 |
> | > just to enable a hack |
4 |
> | |
5 |
> | What's this hack your now speaking of frequently? |
6 |
> |
7 |
> The hack is in trying to get the compiler to make broken code safe, |
8 |
> rather than properly auditing code. SSP does not fix broken code, it's |
9 |
> just duct tape. |
10 |
|
11 |
shrug.. I guess that's one way to look at it. |
12 |
|
13 |
If however you wanted to fix all the broken code you could use something |
14 |
like the upcoming mudflap which would incur a much larger performance |
15 |
hit, so much in fact that it can't even be considered for production |
16 |
use. When it hits our tree I'll sacrifice one of machines on my lan for |
17 |
the sole sake of trying to catch bugs and fixing them at the source |
18 |
level. |
19 |
|
20 |
btw ssp has thank fully has caught a fair number of potential overflows |
21 |
(well real ones) that we have fixed :) |
22 |
|
23 |
So on that note it's the damn gcc runtime duct tape I'm aware of that we |
24 |
can start making use of immediately to reduce the overall risk factor. |
25 |
|
26 |
-- |
27 |
Ned Ludd <solar@g.o> |
28 |
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer |