| 1 |
PIE is used in hardened gentoo, If PIE can't protect you against this, |
| 2 |
ssp at least could try to do it, this is the reason because |
| 3 |
-fstack-protector-all and -D_FORTIFY_SOURCE=2 are needed, and at least |
| 4 |
-fstack-protector-all is really extended in hardened gentoo.. as |
| 5 |
another security layer. . |
| 6 |
|
| 7 |
2013/3/25, "Tóth Attila" <atoth@××××××××××.hu>: |
| 8 |
> Is gentoo-hardened better regarding the amount of unrandomized code |
| 9 |
> compared to other distros? |
| 10 |
> -- |
| 11 |
> dr Tóth Attila, Radiológus, 06-20-825-8057 |
| 12 |
> Attila Toth MD, Radiologist, +36-20-825-8057 |
| 13 |
> |
| 14 |
> 2013.Március 25.(H) 13:52 időpontban PaX Team ezt írta: |
| 15 |
>> On 25 Mar 2013 at 9:01, Kfir Lavi wrote: |
| 16 |
>> |
| 17 |
>>> Hi, |
| 18 |
>>> I'm looking for a way to reduce glibc code size. |
| 19 |
>>> It can be a way to make system smaller and minimize the impact |
| 20 |
>>> of attack vectors in glibc, as in return-to-libc attack. |
| 21 |
>> |
| 22 |
>> study this and draw your conclusions whether the whole exercise is |
| 23 |
>> worth it or not: |
| 24 |
>> |
| 25 |
>> https://www.usenix.org/conference/usenix-security-11/q-exploit-hardening-made-easy |
| 26 |
>> |
| 27 |
>> |
| 28 |
> |
| 29 |
> |
| 30 |
> |
| 31 |
> |
Archives