1 |
PIE is used in hardened gentoo, If PIE can't protect you against this, |
2 |
ssp at least could try to do it, this is the reason because |
3 |
-fstack-protector-all and -D_FORTIFY_SOURCE=2 are needed, and at least |
4 |
-fstack-protector-all is really extended in hardened gentoo.. as |
5 |
another security layer. . |
6 |
|
7 |
2013/3/25, "Tóth Attila" <atoth@××××××××××.hu>: |
8 |
> Is gentoo-hardened better regarding the amount of unrandomized code |
9 |
> compared to other distros? |
10 |
> -- |
11 |
> dr Tóth Attila, Radiológus, 06-20-825-8057 |
12 |
> Attila Toth MD, Radiologist, +36-20-825-8057 |
13 |
> |
14 |
> 2013.Március 25.(H) 13:52 időpontban PaX Team ezt írta: |
15 |
>> On 25 Mar 2013 at 9:01, Kfir Lavi wrote: |
16 |
>> |
17 |
>>> Hi, |
18 |
>>> I'm looking for a way to reduce glibc code size. |
19 |
>>> It can be a way to make system smaller and minimize the impact |
20 |
>>> of attack vectors in glibc, as in return-to-libc attack. |
21 |
>> |
22 |
>> study this and draw your conclusions whether the whole exercise is |
23 |
>> worth it or not: |
24 |
>> |
25 |
>> https://www.usenix.org/conference/usenix-security-11/q-exploit-hardening-made-easy |
26 |
>> |
27 |
>> |
28 |
> |
29 |
> |
30 |
> |
31 |
> |