
Re: StackGuard



On Mon, Nov 09, 1998 at 09:33:50AM +0100, Enrico Cherubini wrote:
> You know too that there is a program (StackGuard) that could help in
> keeping this trouble at a lower risk level but...looking at the stackguard
> homepage,

For those who don't know StackGuard, it's
http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/ .
It's a modified gcc 2.7.2.x that attempts to detect/prevent most forms of
stack corruption (as used by buffer overflow exploits).
Currently, it works only on i386 and only on top of gcc 2.7.2.x, so its
usefulness is somewhat limited (even more so when, after the release of
Linux 2.2, we'll fully switch to egcs).

Does anyone know if there are plans to integrate this into egcs and port it
to non-i386 (the principle is claimed to be portable)?

> I know...this could slow the system and possibly other side trouble
> but...this is my opinion: every maintainer could compile 2 versions of the
> same package: package.deb and package_sg.deb, so everyone can take the
> version he prefers..

I don't think this should be made a burden on all maintainers. IMO, this
falls in the same category as providing Pentium I/Pro/II optimised versions,
debugging versions, statically linked versions etc. That's not something an
individual package maintainer should provide; it's much more akin to a port,
and should be treated as such. If someone wants to do work on a Debian
i386-StackGuard port, great.

Ray
-- 
UNFAIR  Term applied to advantages enjoyed by other people which we tried 
to cheat them out of and didn't manage. See also DISHONESTY, SNEAKY, 
UNDERHAND and JUST LUCKY I GUESS.     
- The Hipcrime Vocab by Chad C. Mulligan  

