[ On Friday, December 6, 2002 at 09:20:21 (-0800), Wolfgang Rupprecht wrote: ]
> Subject: Re: GCC extension for protecting applications from stack-smashing  attacks
>
> 
> > >         http://www.trl.ibm.com/projects/security/ssp/
> > 
> > pkgsrc/lang/gcc-ssp ?
> 
> Crap.  I didn't realize that it was in pkgsrc.

It's getting to the point where even when something's not in pkgsrc and
I try making a package for it then it shows up the very next day from
someone else!  ;-)  (and sadly this encourages me to wait before
expending the effort to create a pkgsrc module)

> Thanks for the pointer.  I'll try playing with it now.  It does sound
> like a useful hack.

It is, to my understanding, one of the best implementations of this idea
that's possible, at least in any generic way with a compiler like GCC.

I've been using it for a while now, and fortunately it has not yet
caught anything (though it does work for at least some stack overflows
-- I keep running tests just to be sure!).

I think it would be really neat if this option could be included in the
base system compiler so that it could be (optionally -- it does have
some minor performance impact) turned on and used for the entire system
and all tools/packages/etc. built on the system after the fact too.
I've been hoping that it would be included natively in GCC-3.x, and
there may still be some hope that it will, but in the mean time it seems
like it would be desirable enough to add it just in NetBSD, at least
once NetBSD's GCC is up-to-date and matches a version supported by the
SSP author.

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>