1 |
yeah, |
2 |
|
3 |
we should think about source-parsing function pointer bounds checkers |
4 |
and formatstring checkers to round up our efforts in respect to the |
5 |
linear overflow protection provided by the propolice support (SSP) and |
6 |
the process randomization of dynamic PIC binaries by PaX. |
7 |
|
8 |
if you want we can discuss it in the channel #gentoo-hardened on |
9 |
freenode what solutions are available currently and how hard it would be |
10 |
to update portage (similar approach like the antivirus scanning prep'd |
11 |
by solar some time ago) |
12 |
|
13 |
HTH, |
14 |
|
15 |
Alex |
16 |
|
17 |
On Fri, 2003-09-05 at 21:53, Jan Krueger wrote: |
18 |
> Hi, |
19 |
> |
20 |
> is there a guide like |
21 |
> http://www.openbsd.org/porting.html#Security |
22 |
> in progress? available? |
23 |
> |
24 |
> Or even better tools bundled in a "esecurity_check": |
25 |
> |
26 |
> src_unpack() { |
27 |
> blabla |
28 |
> unpack |
29 |
> epatch |
30 |
> blabla |
31 |
> |
32 |
> # check unpacked and patched source tree for security issues |
33 |
> # like in http://www.openbsd.org/porting.html#Security |
34 |
> esecurity_check || die |
35 |
> } |
36 |
> |
37 |
> ? Something like that? In progress? Or even ready for testing? |
38 |
> already finished? Someone just forgot to mention? I was to blind to see? |
39 |
> |
40 |
> Gruß |
41 |
> Jan |
42 |
> |
43 |
> |
44 |
> -- |
45 |
> gentoo-hardened@g.o mailing list |
46 |
> |
47 |
> |
48 |
|
49 |
|
50 |
|
51 |
-- |
52 |
gentoo-hardened@g.o mailing list |