Source-Changes-D archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Subject: CVS commit: src/share/mk



On Thu, Nov 12, 2009 at 07:19:55AM +0000, Mindaugas Rasiukevicius wrote:
> > Log Message:
> > Enable Stack Smash Protection (SSP) by default for NetBSD/amd64 and
> > NetBSD/i386 as previously discussed on the "port-amd64" and
> > "port-i386" mailing lists. No objections from the core team.
> 
> My last impression from port-{i386|amd64} was that SSP wont be enabled.

The majority of people seemed to be in favour of the change.

> Point that it can find some bugs is reasonable, but then why not enable
> it for, let's say, DIAGNOSTIC option?

Because it is also a security feature. I can e.g. turn a remote root
exploit into a DoS which will at least keep your data safe.

        Kind regards

-- 
Matthias Scheler                                  http://zhadum.org.uk/


Home | Main Index | Thread Index | Old Index