[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)
On Nov 12, 2009, at 3:30 PM, Elad Efrat wrote:
> Matthias Scheler wrote:
>> On Wed, Nov 11, 2009 at 04:55:07PM +0000, Matthias Scheler wrote:
>>> SSP will result in a slowdown of about 5%, please read this thread
>>> for more details:
>> After protests from multiple developer because of the performance hit
>> I've reverted the changes. SSP is now off by default (except for
>> library and network daemon builds) on all platforms, in particular
>> for NetBSD/amd64 and NetBSD/i386 kernels.
> Unfortunately for rmind@, pooka@, and haad@, until proven otherwise,
> it seems more developers are interested in having SSP enabled by
> default. Please put it back. No developers are more equal than others.
I don't know who has opposed it and I'm not particularly interested in names.
It would be nice to get a sense of the consensus -- I would certainly like it
on by default. The hit is only 5%? If my math is right, that's about 5 weeks
worth of Moore's Law bonus; I think we can afford it. It's especially true for
amd64, where there isn't much 15-year-old steam-powered, legacy hardware around.
In the meantime, is there something I can put into mk.conf to enable it when I
do my own builds? What about for pkgsrc builds?
--Steve Bellovin, http://www.cs.columbia.edu/~smb
Main Index |
Thread Index |