At one point I had plugged flawfinder support into my ebuild.sh
dyn_unpack() function, but it produced so much crap that I found it
somewhat useless. I've also given a little thought to plugging
some ELF fuzz checkers into the dyn_install() function of ebuild.sh
as well, but have yet to find a decent one.
As for the rest of the stuff, well, I just can't stomach reading another
OpenBSD propaganda page, so if anybody would like to sum up exactly what
feature they desire to see then I'm sure we can add it to the TODO list.

On Fri, 2003-09-05 at 14:02, Alexander Gabert wrote:
> yeah,
>
> we should think about source-parsing function pointer bounds checkers
> and format string checkers to round up our efforts in respect to the
> linear overflow protection provided by the propolice support (SSP) and
> the process randomization of dynamic PIC binaries by PaX.
>
> if you want we can discuss it in the channel #gentoo-hardened on
> freenode what solutions are available currently and how hard it would be
> to update portage (similar approach like the antivirus scanning prep'd
> by solar some time ago)
>
> HTH,
>
> Alex
>
> On Fri, 2003-09-05 at 21:53, Jan Krueger wrote:
> > Hi,
> >
> > is there a guide like
> > http://www.openbsd.org/porting.html#Security
> > in progress? available?
> >
> > Or even better tools bundled in a "esecurity_check":
> >
> > src_unpack() {
> >     blabla
> >     unpack
> >     epatch
> >     blabla
> >
> >     # check unpacked and patched source tree for security issues
> >     # like in http://www.openbsd.org/porting.html#Security
> >     esecurity_check || die
> > }
> >
> > ? Something like that? In progress? Or even ready for testing?
> > already finished? Someone just forgot to mention? I was too blind to see?
> >
> > Regards
> > Jan
> >
> >
> > --
> > gentoo-hardened@g.o mailing list

--
RSA key ID 2BC75196 http://keyserver.net
Gentoo Linux Developer (Hardened) http://dev.gentoo.org/~solar