build firefox, thunderbird and mozilla with propolice

hanb · Post by **hanb** » January 12th, 2005, 5:50 am

Hi,

I just figured out you can build binaries with a gcc compiler with propolice stack-smashing protector and those binaries work fine on other machines, except that any buffer-overflow exploit is now turned into remote crashes at worst.

Since especially in this phase ff,tb and moz will be searched again and again for exploitable bugs this simple measure can take out the sting of the most often exploited class of bugs. At the acceptable cost of 1% performance loss.

# Han

moox · Post by **moox** » January 24th, 2005, 9:36 am

I, and I am sure others, would appreciate more info on propolice.

hanb · Post by **hanb** » February 7th, 2005, 3:46 pm

Right.

http://www.research.ibm.com/trl/projects/security/ssp/

But since it's a gcc extension I don't think this is w32 related.