| 1 |
2009/6/26 Ed W <lists@××××××××××.com>: |
| 2 |
|
| 3 |
[snip] |
| 4 |
|
| 5 |
> However, to be clear I think this achieves a PIE install with no SSP? Can |
| 6 |
> anyone confirm this is correct? |
| 7 |
|
| 8 |
That's correct. |
| 9 |
|
| 10 |
> Seems like SSP is desirable, but not really sure why it's not so |
| 11 |
> straightforward to turn on? |
| 12 |
|
| 13 |
The SSP implementation you are familiar with is largely the work of Dr |
| 14 |
Hiroaki Etoh of IBM, Japan. As I understand it, the patch simply isn't |
| 15 |
being maintained any more and, consequently, others (Red Hat?) have |
| 16 |
picked up the baton and produced an implementation that it somewhat |
| 17 |
different. By mere virtue of being different, there are unique |
| 18 |
issues/bugs to be resolved before it can be enabled by default in the |
| 19 |
gcc-4.x hardened specs without causing undue breakage and inducing |
| 20 |
headaches throughout the hardened populace. |
| 21 |
|
| 22 |
Cheers, |
| 23 |
|
| 24 |
--Kerin |
Archives