Enabling SSP for increased proactive security

Registered by Martin Pitt on 2006-06-08

gcc 4.1 comes with SSP now, which is a nice technology to mitigate exploitability of many buffer overflows. This greatly enhances security in the time between publication of a vulnerability and the USN.

https://wiki.ubuntu.com/ProactiveSecurityRoadmap1 is a large specification that also includes thoughts about SSP.

Blueprint information

Status:
Complete
Approver:
Matt Zimmerman
Priority:
High
Drafter:
Martin Pitt
Direction:
Needs approval
Assignee:
Martin Pitt
Definition:
Approved
Series goal:
Accepted for edgy
Implementation:
Implemented
Milestone target:
None
Started by
Martin Pitt on 2006-08-16
Completed by
Martin Pitt on 2006-08-16

Related branches

Sprints

Whiteboard

initial tests done and look promising

need a decision about which option to implement in edgy

lifeless 20060623: This looks fine as specification but it really needs the decision about which route to take for implementation before it can be considered approvable.

pitti 20060623: decision made and added to spec

Approved by mdz, 2006-06-27

pitti 20060706: gcc changes implemented a while ago, progress looking good, no apparent regressions so far; reserving one day for potential bug fixing and reserve 'implemented' status for the time when edgy gets more widespread testing.

(?)

Work Items