Port-amd64 archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Turning on stack protection by default

On Oct 18, 2009, at 7:59 AM, Matthias Scheler wrote:


I'm using NetBSD/amd64 and NetBSD/i386 with stack smash protection enabled ever since the feature was introduced into NetBSD. I've just fixed a bug
in "mdnsd" which was caught by SSP.(*)

Considering that this feature helps finding bugs and increases system
security I would like to suggest to turn in on by default on these
two NetBSD ports.

What do other people think about this?

        Kind regards

(*) http://mail-index.netbsd.org/source-changes/2009/10/18/msg002034.html

That's an excellent idea. I recall a line from Hoare (alas, I haven't been able to find the precise quote online) about how turning off things like that on production systems is like sailors who wear life jackets for practice on shore, but leave them home when they go to sea.

                --Steve Bellovin, http://www.cs.columbia.edu/~smb

Home | Main Index | Thread Index | Old Index