Port-amd64 archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Turning on stack protection by default

On Sat Oct 24 2009 at 22:55:14 +0100, Matthias Scheler wrote:
> > What's the effect on something that people might actually care about,
> > say build.sh ...
> I could do that. But it would require downgrading all my systems
> to binaries with SSP. Why don't you test it? You have a NetBSD system
> without SSP. You can benchmark "build.sh" for producing safer
> binaries and that repeat the build once you have updated. ;-)

Yes, I could benchmark it.  However, it's easier for me to not do that
and say "I object".  It seems like there's a lot of "I'll propose this,
but someone else should do the work in showing that I'm right" going on
in NetBSD this weekend ... ;)

> > ... or apachebench?
> What would that demonstrate except that the network is the bottleneck?

It would demonstrate how much SSP might (not) be a problem for a given
real application (apache and/or www client in this case).

Home | Main Index | Thread Index | Old Index