2009/6/26 Ed W <lists@××××××××××.com>:

[snip]

> However, to be clear I think this achieves a PIE install with no SSP? Can
> anyone confirm this is correct?

That's correct.

> Seems like SSP is desirable, but not really sure why it's not so
> straightforward to turn on?

The SSP implementation you are familiar with is largely the work of Dr
Hiroaki Etoh of IBM, Japan. As I understand it, the patch simply isn't
being maintained any more and, consequently, others (Red Hat?) have
picked up the baton and produced an implementation that is somewhat
different. By mere virtue of being different, there are unique
issues/bugs to be resolved before it can be enabled by default in the
gcc-4.x hardened specs without causing undue breakage and inducing
headaches throughout the hardened populace.

Cheers,

--Kerin