On Sun, 2005-09-25 at 07:44 -0400, Albert Lash wrote:
> I'm getting the feeling that even if you run SElinux, you do not have to
> use the hardened gcc compiler. Can someone explain what this compiler is
> used for and when to use it?

The hardened compiler strengthens the integrity of a program, which
means it's harder to break the program and make it do unintended things,
for example by exploiting a buffer overflow. The compiler uses stack
smashing protection and address space layout randomization (ASLR) to
accomplish this. To get the maximum effect, you also want to use PaX to
make ASLR work, and also get non-executable pages enforcement.

SELinux provides assurance, preventing programs from doing things
unintended; anything that isn't explicitly allowed is denied. This is
limited to accesses (not correctness of data), so if someone compromises
a service, but doesn't do anything disallowed, SELinux (or any other
access control system for that matter) won't stop it. For example, if
someone were to compromise a mail server daemon with the intent of
reading secret emails in the mail spool, SELinux won't stop it, since
the daemon has to read and write the mail spool as part of its regular
function.

SELinux can also provide process integrity protections thanks to some
enhancements merged in recent kernel releases, such as preventing
execution of memory, stack, heap, etc. There is a technical argument on
whether this is sufficient (implementation-wise, in comparison to PaX),
but I'm not going to get into it.

When to use the hardened compiler? In general, it would be best to at
least use it on whatever you're running which would seem prone to being
attacked. For completeness, you should use it on all of your system,
since that will cover libraries and anything else you wouldn't
anticipate as an attack vector.

The strongest solution would use a hardened compiler, a mandatory
access control system, and PaX. This is layered security, to try to get
as complete protection as possible.

-- 
Chris PeBenito
<pebenito@g.o>
Developer,
Hardened Gentoo Linux
Embedded Gentoo Linux

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
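The reply above says the hardened compiler adds stack smashing protection and builds for ASLR, and that you should apply it to the whole system so libraries are covered too. A practical follow-up question is how to verify that a given binary actually got those properties. The script below is an added example, not code from the thread or from the Hardened Gentoo project: it is a small checksec-style check that reads the ELF header to see whether an executable is position-independent (ET_DYN, which is what lets ASLR randomize the main image) and scans for the `__stack_chk_fail` symbol name that SSP-instrumented code references. The sample ELF bytes are constructed inline so the check runs offline; on a real system you would point `check_hardening` at the bytes of a file from your build.

```python
import struct
import sys

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3          # e_type values: fixed-address executable vs PIE/shared object
EM_X86_64 = 62


def parse_elf_header(data: bytes) -> dict:
    """Parse the few ELF64 little-endian header fields this check needs."""
    if len(data) < 64 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class != 2 or ei_data != 1:
        raise ValueError("this example only handles ELF64 little-endian binaries")
    e_type, e_machine = struct.unpack_from("<HH", data, 16)
    return {"e_type": e_type, "e_machine": e_machine}


def check_hardening(data: bytes) -> dict:
    """Report whether the binary looks PIE (needed for full ASLR) and SSP-instrumented."""
    hdr = parse_elf_header(data)
    pie = hdr["e_type"] == ET_DYN
    # Code compiled with stack protection calls __stack_chk_fail on a smashed
    # canary, so the name ends up in the dynamic string table.  A substring scan
    # is the same cheap heuristic checksec-style scripts use; its presence only
    # proves at least one function was instrumented, its absence proves none were.
    ssp = b"__stack_chk_fail" in data
    return {"pie": pie, "stack_protector": ssp}


def build_sample_elf(e_type: int, with_ssp: bool) -> bytes:
    """Constructed sample: a minimal (non-runnable) ELF64 header plus a fake string table."""
    hdr = bytearray(64)
    hdr[0:4] = ELF_MAGIC
    hdr[4] = 2                      # ELFCLASS64
    hdr[5] = 1                      # ELFDATA2LSB
    hdr[6] = 1                      # EV_CURRENT
    struct.pack_into("<HH", hdr, 16, e_type, EM_X86_64)
    strtab = b"\0printf\0"
    if with_ssp:
        strtab += b"__stack_chk_fail\0"
    return bytes(hdr) + strtab


def describe(result: dict) -> str:
    """Human-readable verdict for one binary."""
    return "PIE: %s, stack protector: %s" % (
        "yes" if result["pie"] else "no (ET_EXEC, ASLR cannot move the main image)",
        "yes" if result["stack_protector"] else "no (no __stack_chk_fail reference found)",
    )


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: check a binary built on your system.
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], "->", describe(check_hardening(fh.read())))
    else:
        # Offline demo on the constructed samples.
        print("hardened sample ->", describe(check_hardening(build_sample_elf(ET_DYN, True))))
        print("plain sample    ->", describe(check_hardening(build_sample_elf(ET_EXEC, False))))
```

Run it as `python3 check.py /path/to/binary` to inspect one executable, or loop it over `/usr/lib` to follow the reply's advice of covering libraries as well. A hit only tells you the toolchain instrumented the build; whether ASLR and non-executable pages are actually enforced at runtime depends on the kernel (PaX, in the reply's setup), which this file-level check cannot see.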