Archives
Archives
| From: | Sven Vermeulen <swift@g.o> | ||
|---|---|---|---|
| To: | gentoo-dev@l.g.o | ||
| Subject: | Re: [gentoo-dev] Re: Can we get PIE on all SUID binaries by default, por favor? | ||
| Date: | Mon, 23 Jan 2012 20:10:36 | ||
| Message-Id: | 20120123200955.GA24519@gentoo.org | ||
| In Reply to: | Re: [gentoo-dev] Re: Can we get PIE on all SUID binaries by default, por favor? by Mike Gilbert |
||
| 1 | On Mon, Jan 23, 2012 at 03:00:41PM -0500, Mike Gilbert wrote: |
| 2 | > I'm asking "how does one enable PIE/ASLR", not how to check if it is |
| 3 | > enabled already. |
| 4 | |
| 5 | Look at http://hardened.gentoo.org, the default toolchain used includes PIE, |
| 6 | and it also includes various other measures (like additional grSecurity |
| 7 | restrictions or even SELinux) that makes Gentoo Hardened systems less |
| 8 | vulnerable to this specific vulnerability. |
| 9 | |
| 10 | Wkr, |
| 11 | Sven Vermeulen |