From: | Sven Vermeulen <swift@g.o> | ||
---|---|---|---|
To: | gentoo-dev@l.g.o | ||
Subject: | Re: [gentoo-dev] Re: Can we get PIE on all SUID binaries by default, por favor? | ||
Date: | Mon, 23 Jan 2012 20:10:36 | ||
Message-Id: | 20120123200955.GA24519@gentoo.org | ||
In Reply to: | Re: [gentoo-dev] Re: Can we get PIE on all SUID binaries by default, por favor? by Mike Gilbert |
1 | On Mon, Jan 23, 2012 at 03:00:41PM -0500, Mike Gilbert wrote: |
2 | > I'm asking "how does one enable PIE/ASLR", not how to check if it is |
3 | > enabled already. |
4 | |
5 | Look at http://hardened.gentoo.org, the default toolchain used includes PIE, |
6 | and it also includes various other measures (like additional grSecurity |
7 | restrictions or even SELinux) that makes Gentoo Hardened systems less |
8 | vulnerable to this specific vulnerability. |
9 | |
10 | Wkr, |
11 | Sven Vermeulen |