| 1 |
At one point I had plugged flawfinder support into my ebuild.sh |
| 2 |
dyn_unpack() function, but it produced so much crap that I found it |
| 3 |
somewhat useless. I've also have giving a little thought into plugging |
| 4 |
in some elf fuzz checkers into the dyn_install() function of ebuild.sh |
| 5 |
as well, but have yet to find a decent one. |
| 6 |
As for the rest of the stuff, well I just cant stomach to read another |
| 7 |
openbsd propaganda page, so if anybody would like to sum up exactly what |
| 8 |
feature they desire to see then I'm sure we can add it to the TODO list. |
| 9 |
|
| 10 |
|
| 11 |
On Fri, 2003-09-05 at 14:02, Alexander Gabert wrote: |
| 12 |
> yeah, |
| 13 |
> |
| 14 |
> we should think about source-parsing function pointer bounds checkers |
| 15 |
> and formatstring checkers to round up our efforts in respect to the |
| 16 |
> linear overflow protection provided by the propolice support (SSP) and |
| 17 |
> the process randomization of dynamic PIC binaries by PaX. |
| 18 |
> |
| 19 |
> if you want we can discuss it in the channel #gentoo-hardened on |
| 20 |
> freenode what solutions are available currently and how hard it would be |
| 21 |
> to update portage (similar approach like the antivirus scanning prep'd |
| 22 |
> by solar some time ago) |
| 23 |
> |
| 24 |
> HTH, |
| 25 |
> |
| 26 |
> Alex |
| 27 |
> |
| 28 |
> On Fri, 2003-09-05 at 21:53, Jan Krueger wrote: |
| 29 |
> > Hi, |
| 30 |
> > |
| 31 |
> > is there a guide like |
| 32 |
> > http://www.openbsd.org/porting.html#Security |
| 33 |
> > in progress? available? |
| 34 |
> > |
| 35 |
> > Or even better tools bundled in a "esecurity_check": |
| 36 |
> > |
| 37 |
> > src_unpack() { |
| 38 |
> > blabla |
| 39 |
> > unpack |
| 40 |
> > epatch |
| 41 |
> > blabla |
| 42 |
> > |
| 43 |
> > # check unpacked and patched source tree for security issues |
| 44 |
> > # like in http://www.openbsd.org/porting.html#Security |
| 45 |
> > esecurity_check || die |
| 46 |
> > } |
| 47 |
> > |
| 48 |
> > ? Something like that? In progress? Or even ready for testing? |
| 49 |
> > already finished? Someone just forgot to mention? I was to blind to see? |
| 50 |
> > |
| 51 |
> > Gruß |
| 52 |
> > Jan |
| 53 |
> > |
| 54 |
> > |
| 55 |
> > -- |
| 56 |
> > gentoo-hardened@g.o mailing list |
| 57 |
> > |
| 58 |
> > |
| 59 |
> |
| 60 |
> |
| 61 |
> |
| 62 |
> -- |
| 63 |
> gentoo-hardened@g.o mailing list |
| 64 |
-- |
| 65 |
RSA key ID 2BC75196 http://keyserver.net |
| 66 |
Gentoo Linux Developer (Hardened) http://dev.gentoo.org/~solar |
Archives