On Tuesday 28 December 2004 10:03, Malte Gell wrote:
> Hi there, I'm just playing a bit with IBM's SSP ( http://www.research.ibm.com/trl/projects/security/ssp/ ) and GCC 3.4.1. Since OpenBSD, Gentoo and others already ship with it, I wonder what do the SuSE security people think about SSP? Will SuSE support it in the future and if not, why? Is SSP really such an improvement as some say it is?
Will SUSE start to support it? I don't know. There are performance penalties involved with installing canary bytes before function calls and then checking them afterwards. I don't know what those penalties might be, but any performance-sensitive application would certainly feel it. I wouldn't want such a thing on any Linux box I work with unless I have the option of turning it off when it gets in the way.

Is SSP an improvement? Er, over what? Not having it there at all? Yes, but it's not a catch-all system that will make all the buffer overflow vulnerabilities go away. That's the problem with these sorts of things: they tend to give a false sense of security. The SSP webpage says "Applications written in C will be protected by the method..." which just isn't true. It's not protected. Another hurdle is put in the path of an attacker, but these hurdles can be overcome: http://www.phrack.org/phrack/56/p56-0x05

Cluttering up code with these sorts of band-aid patches isn't the answer. The answer is to get the code right, or if that can't be guaranteed, to write the code in a language that isn't vulnerable to buffer overflows - i.e. something with security designed in, rather than bolted on.
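The canary check discussed in this thread, modelled as an added C example that is not part of the original posts or of IBM's SSP code. The frame layout, guard value and function names are constructed for illustration; the model shows a contiguous overrun being caught at the epilogue while a single store that lands past the guard is not.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a protected frame: the guard sits between the
   local buffer and the saved return address. */
struct frame {
    unsigned char buf[16];
    uint64_t canary;
    uint64_t saved_ret;
};
struct outcome { int detected; int ret_changed; };

#define GUARD    0x00ff0a0d5a5a5a5aULL /* constructed; real guards are random */
#define GOOD_RET 0x1111111111111111ULL /* stand-in for the return address */

static void prologue(struct frame *f) {
    memset(f, 0, sizeof *f);
    f->canary = GUARD;
    f->saved_ret = GOOD_RET;
}
/* Epilogue: compare the guard, as the instrumented function does on return. */
static struct outcome epilogue(const struct frame *f) {
    struct outcome o = { f->canary != GUARD, f->saved_ret != GOOD_RET };
    return o;
}
/* Unchecked copy of n bytes starting at buf (clamped to the model frame). */
static struct outcome linear_copy(size_t n) {
    struct frame f;
    unsigned char src[sizeof f];
    prologue(&f);
    memset(src, 'A', sizeof src);
    memcpy((unsigned char *)&f, src, n > sizeof f ? sizeof f : n);
    return epilogue(&f);
}
/* One 8-byte store at a chosen offset instead of a run of bytes from buf. */
static struct outcome single_store(size_t off) {
    struct frame f;
    uint64_t v = 0x4242424242424242ULL;
    prologue(&f);
    if (off + sizeof v <= sizeof f)
        memcpy((unsigned char *)&f + off, &v, sizeof v);
    return epilogue(&f);
}
int main(void) {
    struct outcome a = linear_copy(sizeof(struct frame));
    struct outcome b = single_store(offsetof(struct frame, saved_ret));
    printf("linear: detected=%d ret_changed=%d\n", a.detected, a.ret_changed);
    printf("single: detected=%d ret_changed=%d\n", b.detected, b.ret_changed);
    return 0;
}
```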