Gentoo Archives: gentoo-hardened

From: "Javier Juan Martínez Cabezón" <tazok.id0@×××××.com>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] binary protection mechanisms in different Linux distros
Date: Fri, 02 Jul 2010 05:59:27
Message-Id: AANLkTimcktpo1z_ZMTZiO-uLcsbW88i8gvBnHyXX6u36@mail.gmail.com
In Reply to: Re: [gentoo-hardened] binary protection mechanisms in different Linux distros by Radoslaw Madej
Probably you could check whether SSP-related code exists in functions that don't have
character arrays (AFAIK this is the difference between -fstack-protector
(doesn't protect them) and -fstack-protector-all). gdb could be your friend.

2010/7/1 Radoslaw Madej <radegand@××.pl>

> On Thursday 01 July 2010 09:16:17 you wrote:
> > Hi, I think it's a bad day to make comparisons with hardened gentoo.
> >
> > Hardened gentoo traditionally doesn't use only -fstack-protector as
> > ubuntu does and some others, it uses -fstack-protector-all
> > everywhere it could. It's an important difference. I think that the
> > actual ssp bug in the last version isn't representative of what
> > hardened gentoo does (it's a bug, an exception). It has always shipped
> > -fstack-protector-all everywhere.
>
> Hi,
> Thanks for all the feedback :)
>
> Javier: good point, I haven't really considered the differences between the
> use of fstack-protector and fstack-protector-all - maybe something to do in
> the future. Would there be a way to find out which option was used on a given
> binary 'post mortem'? (read: after compilation? ;))
>
> Regards,
> Radek Madej
>
> >
> > 2010/7/1 Radoslaw Madej <radegand@××.pl>
> >
> > > Hi guys,
> > >
> > > I convinced the company I work for to allow me to spend some time on
> > > reviewing different security aspects of Linux OS and different distros.
> > > As it also involves Gentoo Hardened (which I also happily use on a daily
> > > basis), I thought I'd share. :)
> > >
> > > http://labs.mwrinfosecurity.com/projectdetail.php?project=13&view=news
> > >
> > > There should be more to come in a near future. Any feedback appreciated
> > > :)
> > >
> > > Thanks to all hardened-dev for making the Hardened Gentoo happen! :)
> > > Regards,
> > > Radek Madej
>
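
The check suggested in the reply above can be scripted over `objdump -d` output instead of stepping through gdb. This is an added example, not code from the thread; the function names `canary_map` and `classify`, the skip list of toolchain startup symbols, and the sample disassembly are assumptions constructed for illustration.

```python
import re

FUNC_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:\s*$")
# Toolchain startup code, not built from the package sources (assumed, non-exhaustive list).
SKIP = {"_start", "_init", "_fini", "deregister_tm_clones", "register_tm_clones",
        "__do_global_dtors_aux", "frame_dummy", "__libc_csu_init", "__libc_csu_fini"}

def canary_map(disasm):
    """Map each function in `objdump -d` text to True if it references __stack_chk_fail."""
    result, current = {}, None
    for line in disasm.splitlines():
        m = FUNC_RE.match(line)
        if m:
            name = m.group(1)
            skip = name in SKIP or "@plt" in name or name.startswith(".")
            current = None if skip else name
            if current:
                result[current] = False
        elif current and "__stack_chk_fail" in line:
            result[current] = True
    return result

def classify(disasm):
    """Heuristic verdict; it cannot prove which flag was passed to gcc."""
    funcs = canary_map(disasm)
    protected = sum(funcs.values())
    if protected == 0:
        return "no SSP check seen"
    if protected == len(funcs):
        return "consistent with -fstack-protector-all"
    return "consistent with -fstack-protector"

# Constructed, abbreviated objdump text (bytes and addresses are illustrative):
# add() has no character array, copy() has one.
DEFAULT = """\
0000000000401030 <__stack_chk_fail@plt>:
  401030: ff 25 e2 2f 00 00     jmp    *0x2fe2(%rip)
0000000000401136 <add>:
  401136: 8d 04 37              lea    (%rdi,%rsi,1),%eax
  401139: c3                    ret
000000000040113a <copy>:
  40113a: 64 48 8b 04 25 28 00  mov    %fs:0x28,%rax
  401160: e8 cb fe ff ff        call   401030 <__stack_chk_fail@plt>
"""
# The same text with a check added to add(), as -fstack-protector-all would emit.
ALL = DEFAULT.replace(
    "  401139:",
    "  401137: e8 f4 fe ff ff        call   401030 <__stack_chk_fail@plt>\n  401139:")

if __name__ == "__main__":
    for label, text in (("default", DEFAULT), ("all", ALL)):
        print(label, canary_map(text), "->", classify(text))
```

On a real binary, pass the text of `objdump -d ./binary` to `classify`; a binary in which every function happens to hold a character array looks the same as one built with -fstack-protector-all, so treat the verdict as a hint.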