Gentoo Archives: gentoo-amd64

From: "Olivier Crête" <tester@g.o>
To: gentoo-amd64@l.g.o
Subject: Re: [gentoo-amd64] Questions about No Execute and security
Date: Thu, 06 Oct 2005 13:51:28
Message-Id: 1128606627.28666.5.camel@TesterBox.tester.ca
In Reply to: [gentoo-amd64] Questions about No Execute and security by Marco Matthies
1 On Thu, 2005-06-10 at 15:06 +0200, Marco Matthies wrote:
2 > Do we currently have address space layout randomization on amd64 (or
3 > other archs), and will it actually help in these sort of attacks?
4 > I saw a mention of adding it to the kernel in [3], has that gone through?
5 >
6 > Do we have stack-smashing protection, and can this actually help against
7 > return to libc attacks? Judging from the gcc USE flags, it seems to be
8 > there at least -- is it also activated automatically?
9
10 What you want is Gentoo Hardened [1]. They maintain a toolchain (gcc,
11 etc) with the security oriented stuff. And also a security oriented
12 kernel (hardened-sources) that includes stuff like address space
13 randomization, stronger chroot, etc ..
14
15 [1] http://www.gentoo.org/proj/en/hardened/
16
17 --
18 Olivier Crête
19 tester@g.o
20 x86 Security Liaison

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-amd64] Questions about No Execute and security Richard Freeman <rich@××××××××××××××.net>
Re: [gentoo-amd64] Questions about No Execute and security Marco Matthies <marco-ml@×××.net>