Ubuntu

Enabling SSP for increased proactive security

Registered by Martin Pitt on 2006-06-08

gcc 4.1 comes with SSP now, which is a nice technology to mitigate exploitability of many buffer overflows. This greatly enhances security in the time between publication of a vulnerability and the USN.

https://wiki.ubuntu.com/ProactiveSecurityRoadmap1 is a large specification that also includes thoughts about SSP.

Read the full specification

Blueprint information

Status:: Complete

Approver:: Matt Zimmerman

Priority:: High

Drafter:: Martin Pitt

Direction:: Needs approval

Assignee:: Martin Pitt

Definition:: Approved

Series goal:: Accepted for edgy

Implementation:: Implemented

Milestone target:: None

Started by: Martin Pitt on 2006-08-16

Completed by: Martin Pitt on 2006-08-16

Related branches

Related bugs

Sprints

uds-paris

Whiteboard

initial tests done and look promising

need a decision about which option to implement in edgy

lifeless 20060623: This looks fine as specification but it really needs the decision about which route to take for implementation before it can be considered approvable.

pitti 20060623: decision made and added to spec

Approved by mdz, 2006-06-27

pitti 20060706: gcc changes implemented a while ago, progress looking good, no apparent regressions so far; reserving one day for potential bug fixing and reserve 'implemented' status for the time when edgy gets more widespread testing.

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

Adam Conrad

Andrew Mitchell

Ian Jackson

Jeff Bailey

Kai F. Lahmann

Krishna Sankar

Matthias Klose

Nafallo Bjälevik

Thom May

Yagisan