Current-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)
On Thu, Nov 12, 2009 at 6:04 PM, Steven Bellovin
<smb%cs.columbia.edu@localhost> wrote:
>
> On Nov 12, 2009, at 3:30 PM, Elad Efrat wrote:
>
>> Matthias Scheler wrote:
>>> On Wed, Nov 11, 2009 at 04:55:07PM +0000, Matthias Scheler wrote:
>>>> SSP will result in a slowdown of about 5%, please read this thread
>>>> for more details:
>>> After protests from multiple developer because of the performance hit
>>> I've reverted the changes. SSP is now off by default (except for
>>> library and network daemon builds) on all platforms, in particular
>>> for NetBSD/amd64 and NetBSD/i386 kernels.
>>
>> Unfortunately for rmind@, pooka@, and haad@, until proven otherwise,
>> it seems more developers are interested in having SSP enabled by
>> default. Please put it back. No developers are more equal than others.
>>
> I don't know who has opposed it and I'm not particularly interested in names.
> It would be nice to get a sense of the consensus -- I would certainly like
> it on by default. The hit is only 5%? If my math is right, that's about 5
> weeks worth of Moore's Law bonus; I think we can afford it. It's especially
> true for amd64, where there isn't much 15-year-old steam-powered, legacy
> hardware around.
The names are taken out of the commit message; it's as if (for some
reason I can't get my head around) what they thinks is far more
important to what others do.
In any case, you hit the nail right on its head: an unmodified piece
of code written 20 years ago will run much faster today than it did in
the past, but a security vulnerability in it will manifest just about
the same.
-e.
Home |
Main Index |
Thread Index |
Old Index