| 1 |
yeah, |
| 2 |
|
| 3 |
we should think about source-parsing function pointer bounds checkers |
| 4 |
and formatstring checkers to round up our efforts in respect to the |
| 5 |
linear overflow protection provided by the propolice support (SSP) and |
| 6 |
the process randomization of dynamic PIC binaries by PaX. |
| 7 |
|
| 8 |
if you want we can discuss it in the channel #gentoo-hardened on |
| 9 |
freenode what solutions are available currently and how hard it would be |
| 10 |
to update portage (similar approach like the antivirus scanning prep'd |
| 11 |
by solar some time ago) |
| 12 |
|
| 13 |
HTH, |
| 14 |
|
| 15 |
Alex |
| 16 |
|
| 17 |
On Fri, 2003-09-05 at 21:53, Jan Krueger wrote: |
| 18 |
> Hi, |
| 19 |
> |
| 20 |
> is there a guide like |
| 21 |
> http://www.openbsd.org/porting.html#Security |
| 22 |
> in progress? available? |
| 23 |
> |
| 24 |
> Or even better tools bundled in a "esecurity_check": |
| 25 |
> |
| 26 |
> src_unpack() { |
| 27 |
> blabla |
| 28 |
> unpack |
| 29 |
> epatch |
| 30 |
> blabla |
| 31 |
> |
| 32 |
> # check unpacked and patched source tree for security issues |
| 33 |
> # like in http://www.openbsd.org/porting.html#Security |
| 34 |
> esecurity_check || die |
| 35 |
> } |
| 36 |
> |
| 37 |
> ? Something like that? In progress? Or even ready for testing? |
| 38 |
> already finished? Someone just forgot to mention? I was to blind to see? |
| 39 |
> |
| 40 |
> Gruß |
| 41 |
> Jan |
| 42 |
> |
| 43 |
> |
| 44 |
> -- |
| 45 |
> gentoo-hardened@g.o mailing list |
| 46 |
> |
| 47 |
> |
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
-- |
| 52 |
gentoo-hardened@g.o mailing list |
Archives