Gentoo Archives: gentoo-amd64

From: Richard Freeman <rich@××××××××××××××.net>
To: gentoo-amd64@l.g.o
Subject: Re: [gentoo-amd64] Questions about No Execute and security
Date: Thu, 06 Oct 2005 14:19:44
Message-Id: 434531D1.1010407@thefreemanclan.net
In Reply to: Re: [gentoo-amd64] Questions about No Execute and security by "Olivier Crête"

Olivier Crête wrote:
> On Thu, 2005-06-10 at 15:06 +0200, Marco Matthies wrote:
>>Do we have stack-smashing protection, and can this actually help against
>>return to libc attacks? Judging from the gcc USE flags, it seems to be
>>there at least -- is it also activated automatically?
>
> What you want is Gentoo Hardened [1]. They maintain a toolchain (gcc,
> etc) with the security oriented stuff. And also a security oriented
> kernel (hardened-sources) that includes stuff like address space
> randomization, stronger chroot, etc ..
>

Too bad the latest firefox upgrade filters out -fstack-protector...

I don't run hardened per-se, but I do use stack-smashing protection.
I'm not sure why it isn't a default-supported config on gentoo. A fair
number of ebuilds don't work with it. We also used to have the
grsecurity patches in gentoo-sources, but I don't think this is the case
anymore.

It seems odd that these aren't standard gentoo features. That would
probably give them more widespread support rather than devs just looking
at you funny when you mention having something other than -O2 in your
CFLAGS. Other than for debugging is there any reason not to have
stack-smashing protection and address-space randomization?

Attachments

File name MIME type
smime.p7s application/x-pkcs7-signature

Replies

Subject Author
Re: [gentoo-amd64] Questions about No Execute and security Daniel Gryniewicz <dang@g.o>
Re: [gentoo-amd64] Questions about No Execute and security "Kevin F. Quinn" <kevquinn@g.o>