Enabling SSP for increased proactive security
gcc 4.1 comes with SSP now, which is a nice technology to mitigate exploitability of many buffer overflows. This greatly enhances security in the time between publication of a vulnerability and the USN.
https:/
Blueprint information
- Status:
- Complete
- Approver:
- Matt Zimmerman
- Priority:
- High
- Drafter:
- Martin Pitt
- Direction:
- Needs approval
- Assignee:
- Martin Pitt
- Definition:
- Approved
- Series goal:
- Accepted for edgy
- Implementation:
- Implemented
- Milestone target:
- None
- Started by
- Martin Pitt
- Completed by
- Martin Pitt
Whiteboard
initial tests done and look promising
need a decision about which option to implement in edgy
lifeless 20060623: This looks fine as specification but it really needs the decision about which route to take for implementation before it can be considered approvable.
pitti 20060623: decision made and added to spec
Approved by mdz, 2006-06-27
pitti 20060706: gcc changes implemented a while ago, progress looking good, no apparent regressions so far; reserving one day for potential bug fixing and reserve 'implemented' status for the time when edgy gets more widespread testing.