Rick Jones wrote:
> Darren Tucker wrote:

>> Can anyone think of a good reason not to enable it if the compiler
>> supports it? A quick test here shows minimal difference in runtime over
>> a full regress pass (~10sec over 8.5 minutes, and since the machine is
>> not entirely idle that could be experimental error).

> Is this stack protection architecture neutral?

I'm not sure but I suspect that it is given that HPPA was (last time I
looked) one of the main development platforms for gcc and that the
documentation doesn't say anything about it being platforms specific.
That said I haven't actually tried it on a stack-grows-up architecture
like HPPA (and can't at the moment).

WRT to the cookie entropy source, it uses a /dev/urandom if you have it,
but failing that it will fall back to a static cookie, so it's weaker
but not quite worthless if you don't have kernel random support.

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
openssh-unix-dev mailing list