Re: Turning on stack protection by default

To: Matthias Scheler <tron%zhadum.org.uk@localhost>
Subject: Re: Turning on stack protection by default
From: Steven Bellovin <smb%cs.columbia.edu@localhost>
Date: Sun, 18 Oct 2009 08:57:18 -0400


On Oct 18, 2009, at 7:59 AM, Matthias Scheler wrote:


        Hello,

I'm using NetBSD/amd64 and NetBSD/i386 with stack smash protectionenabledever since the feature was introduced into NetBSD. I've just fixed abug

in "mdnsd" which was caught by SSP.(*)

Considering that this feature helps finding bugs and increases system
security I would like to suggest to turn in on by default on these
two NetBSD ports.

What do other people think about this?

        Kind regards

(*) http://mail-index.netbsd.org/source-changes/2009/10/18/msg002034.html

That's an excellent idea. I recall a line from Hoare (alas, I haven'tbeen able to find the precise quote online) about how turning offthings like that on production systems is like sailors who wear lifejackets for practice on shore, but leave them home when they go to sea.


                --Steve Bellovin, http://www.cs.columbia.edu/~smb

References:
- Turning on stack protection by default
  - From: Matthias Scheler

Prev by Date: Turning on stack protection by default
Next by Date: Can't use ethernet nor wireless on HP 2140
Previous by Thread: Turning on stack protection by default
Next by Thread: Re: Turning on stack protection by default
Indexes:

Home | Main Index | Thread Index | Old Index