Port-i386 archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Turning on stack protection by default



On Sun, Oct 25, 2009 at 05:25:16PM +0000, Mindaugas Rasiukevicius wrote:
> > And the worst case seems to be 8%. Such numbers are however not good
> > enough for "certain people".
> 
> Perhaps enabling it on services/daemons (e.g. postfix, bind) ...

You don't get the full protection unless the kernel and the libraries
use SSP as well.

> ... would make you feel better?

I don't mind 8% *worst case* performance degradation for a more secure
and stable system.

        Kind regards

-- 
Matthias Scheler                                  http://zhadum.org.uk/


Home | Main Index | Thread Index | Old Index