From: "\"Tóth Attila\"" <atoth@atoth.sote.hu>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] New GCC options: -fcf-protection & -fstack-clash-protection
Date: Sun, 24 Feb 2019 19:56:02 +0100 [thread overview]
Message-ID: <4f9add6b2d676645e271c50cb0ac5255.squirrel@atoth.sote.hu> (raw)
In-Reply-To: <936e81ff-add5-c76b-4755-5dc3f54cf603@gmail.com>
I'm not a lawyer either, but it's not legal to copy RAP, especially since
the great crisis. It's trademarked and protected. It's a pity some
companies abused the goodwill of the developers and misused grsec
technologies in the past.
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
2019.Február 24.(V) 19:18 időpontban Javier Juan Martinez Cabezon ezt írta:
>
> It's would be feasible to include Grsec RAP gcc plugin in gentoo hardened?
>
> I think it would be a better alternative than fcf-protection does
>
>
> On 24/02/19 16:16, "Tóth Attila" wrote:
>> Dear Guillaume,
>>
>> I'm not a Gentoo Dev either.
>>
>> If there's a place to promote useful gcc flags from their security
>> aspect,
>> Gentoo Hardened is a good place to become a leader of such efforts -
>> like
>> it happened in the past.
>>
>> 1. Regarding fcf-protection:
>> "Currently the x86 GNU/Linux target provides an implementation based on
>> Intel Control-flow Enforcement Technology (CET)."
>> - anybody knows which Intel processor actually supports that since its
>> announcement in 2016?
>> - also it worth to take a look at on these comments by Spender @
>> grsecurity:
>> https://grsecurity.net/effectiveness_of_intel_cet_against_code_reuse_attacks.php
>> It would be good if hardware developers would discuss their plans with
>> more security experts before they put something into production.
>>
>> 2. Regarding stack-clash
>> "Most targets do not fully support stack clash protection."
>> - some information would be helpful to elaborate a little bit more on
>> "not
>> fully" and exactly which targets we are talking about. Anybody has a
>> more
>> detailed documentation?
>>
>> Best regards:
>> Dw.
>>
>
>
next prev parent reply other threads:[~2019-02-24 18:56 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-24 13:27 [gentoo-hardened] New GCC options: -fcf-protection & -fstack-clash-protection Guillaume Ceccarelli
2019-02-24 15:16 ` "Tóth Attila"
2019-02-24 18:18 ` Javier Juan Martinez Cabezon
2019-02-24 18:56 ` "Tóth Attila" [this message]
2019-02-24 19:11 ` Guillaume Ceccarelli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4f9add6b2d676645e271c50cb0ac5255.squirrel@atoth.sote.hu \
--to=atoth@atoth.sote.hu \
--cc=gentoo-hardened@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox