| 1 |
Peter, |
| 2 |
|
| 3 |
I don't think anybody has proved that fstack-anything has any value what |
| 4 |
so ever in the kernel. I would recommend Hiroaki Etoh be consulted about |
| 5 |
about the technical merits of having a ssp enabled kernel as well as |
| 6 |
expected performance impact. I'd personally like to see some POC for |
| 7 |
this. (seeing is believing) |
| 8 |
|
| 9 |
If it does have merit in a kernel then I think we can come back to |
| 10 |
the subject of adding some random data to it's __guard if not then I'm |
| 11 |
going to recommend that it be removed from any Gentoo kernels which may |
| 12 |
have this patch added. |
| 13 |
|
| 14 |
|
| 15 |
On Tue, 2003-12-16 at 03:27, Peter S. Mazinger wrote: |
| 16 |
> Hello! |
| 17 |
> |
| 18 |
> As it is implemented, __guard has a fixed value (so this is the "canary" |
| 19 |
> implementation, less effective then random values as in ssp.c for glibc. |
| 20 |
> PaX includes the function pax_get_random_long (get_random_long in |
| 21 |
> grsecurity, grsecurity has also obsd_rand.c w/ some random function), |
| 22 |
> that could be used for this. |
| 23 |
> |
| 24 |
> Peter |
| 25 |
-- |
| 26 |
Ned Ludd <solar@g.o> |
| 27 |
Gentoo Linux Developer |
Archives