Peter,

I don't think anybody has proved that fstack-anything has any value
whatsoever in the kernel. I would recommend Hiroaki Etoh be consulted
about the technical merits of having an ssp enabled kernel as well as
expected performance impact. I'd personally like to see some POC for
this. (seeing is believing)

If it does have merit in a kernel then I think we can come back to
the subject of adding some random data to its __guard; if not, then I'm
going to recommend that it be removed from any Gentoo kernels which may
have this patch added.


On Tue, 2003-12-16 at 03:27, Peter S. Mazinger wrote:
> Hello!
>
> As it is implemented, __guard has a fixed value (so this is the "canary"
> implementation, less effective than random values as in ssp.c for glibc).
> PaX includes the function pax_get_random_long (get_random_long in
> grsecurity, grsecurity has also obsd_rand.c w/ some random function),
> that could be used for this.
>
> Peter
--
Ned Ludd <solar@g.o>
Gentoo Linux Developer
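
The fixed-versus-random __guard point raised in the quoted message, as an added userspace illustration that is not part of this thread, the kernel patch, or ssp.c. FIXED_GUARD, struct frame, random_guard and overrun_detected are hypothetical names, and the constant is a constructed value; the "overrun" is modelled with an in-bounds copy.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed constant standing in for a fixed __guard (not the patch's value). */
#define FIXED_GUARD 0x000aff0dUL

/* Simulated frame: a local buffer with the guard copy placed right after it. */
struct frame {
    char buf[16];
    unsigned long canary;
};

/* Draw a guard from /dev/urandom. Returns 0 on success, -1 on error. */
static int random_guard(unsigned long *g)
{
    FILE *f = fopen("/dev/urandom", "rb");
    size_t n;
    if (!f)
        return -1;
    n = fread(g, sizeof *g, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

/* Model an overrun of buf by data that carries `guess` where the canary sits.
 * Returns 1 if the epilogue comparison catches it, 0 if it goes unnoticed. */
static int overrun_detected(unsigned long guard, unsigned long guess)
{
    struct frame fr;
    unsigned char data[sizeof fr];

    fr.canary = guard;                        /* prologue: store the guard */
    memset(data, 'A', sizeof data);
    memcpy(data + offsetof(struct frame, canary), &guess, sizeof guess);
    memcpy(&fr, data, sizeof data);           /* stays inside fr: no real overflow */
    return fr.canary != guard;                /* epilogue: compare with the guard */
}

int main(void)
{
    unsigned long g = 0;
    if (random_guard(&g) != 0)
        return 1;
    printf("fixed guard, value known:  detected=%d\n",
           overrun_detected(FIXED_GUARD, FIXED_GUARD));
    printf("random guard, stale guess: detected=%d\n",
           overrun_detected(g, FIXED_GUARD));
    return 0;
}
```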