From: Chris PeBenito <pebenito@gentoo.org>
To: Tom Payne <twp@gentoo.org>
Cc: Gentoo Development Mail List <gentoo-dev@lists.gentoo.org>
Subject: Re: [gentoo-dev] Hardened PHP now in Gentoo
Date: Wed, 19 May 2004 18:49:12 -0500 [thread overview]
Message-ID: <1085010552.8264.18.camel@gorn.pebenito.net> (raw)
In-Reply-To: <20040519232308.GD14148@tompayne.org>
[-- Attachment #1: Type: text/plain, Size: 1307 bytes --]
On Wed, 2004-05-19 at 18:23, Tom Payne wrote:
> On Wed, May 19, 2004 at 08:52:02PM +0100, Stuart Herbert wrote:
> > Sorry, but I don't. I'm sympathetic, and agree that USE flags shouldn't be
> > added for the sake of it. But I believe that the 'hardened' USE flag is for
> > a different feature. Combining the two does not make sense to me.
> >
> > I'm not going to do it.
> hardened Gentoo meaning stack overflow protection, toolchain mods, etc. etc.
> is different to harder-to-exploit PHP. Hardened PHP (AIUI) is more like Safe
> mode in Ruby (and other scripting languages). The two are different things
> and should not be confused.
No, it means the same thing. From the hardened php site:
Implemented protections (until now)
- Canary protection of the Zend Memory Manager
- Canary protection of Zend Linked Lists
- Protection against internal format string exploits
- Protection against arbitrary code inclusion
- Syslog logging of attackers IP
The first four are all hardened-like things, a la PaX, PIE, and SSP.
--
Chris PeBenito
<pebenito@gentoo.org>
Developer,
Hardened Gentoo Linux
Embedded Gentoo Linux
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2004-05-19 23:49 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-05-17 23:34 [gentoo-dev] Hardened PHP now in Gentoo Stuart Herbert
2004-05-18 7:38 ` Alexander Gabert
[not found] ` <40A9AC46.1070500@wildgooses.com>
2004-05-18 17:45 ` [gentoo-dev] Re: [gentoo-web-user] " Stuart Herbert
2004-05-18 18:16 ` Marius Mauch
2004-05-18 20:08 ` Stuart Herbert
2004-05-19 11:30 ` foser
2004-05-19 12:30 ` Josh Glover
2004-05-19 14:09 ` foser
2004-05-19 16:13 ` Jon Portnoy
2004-05-20 15:52 ` foser
2004-05-20 21:10 ` [gentoo-dev] Some numbers Stuart Herbert
2004-05-20 22:30 ` foser
2004-05-21 21:58 ` Stuart Herbert
2004-05-23 17:20 ` Grant Goodyear
2004-05-19 16:06 ` [gentoo-dev] Re: [gentoo-web-user] Hardened PHP now in Gentoo Jon Portnoy
2004-05-19 17:26 ` Olivier Crete
2004-05-19 17:38 ` Ciaran McCreesh
2004-05-19 17:53 ` Jon Portnoy
[not found] ` <1548.213.101.226.144.1084990759.squirrel@TesterServ.TesterNet>
2004-05-19 18:34 ` Jon Portnoy
2004-05-19 18:54 ` Ciaran McCreesh
2004-05-19 17:56 ` Allen Dale Parker
2004-05-19 18:01 ` Jon Portnoy
2004-05-19 18:24 ` Allen Dale Parker
2004-05-20 16:12 ` foser
2004-05-19 18:00 ` [gentoo-dev] Local USE Flags and Gentoo Handbook (was: Re: Hardened PHP now in Gentoo) Octavio Ruiz (Ta^3)
2004-05-20 7:40 ` [gentoo-dev] Re: [gentoo-web-user] Hardened PHP now in Gentoo oford
2004-05-19 17:44 ` Caleb Tennis
2004-05-19 17:57 ` Ciaran McCreesh
2004-05-19 18:29 ` Caleb Tennis
2004-05-20 1:46 ` [gentoo-dev] USE flag explosion Jason Stubbs
2004-05-20 5:48 ` [gentoo-dev] Re: [gentoo-web-user] Hardened PHP now in Gentoo Georgi Georgiev
2004-05-19 18:06 ` Stuart Herbert
2004-05-19 18:41 ` Joshua Brindle
2004-05-19 18:48 ` Jon Portnoy
2004-05-20 16:41 ` foser
2004-05-19 19:52 ` Stuart Herbert
[not found] ` <20040519232308.GD14148@tompayne.org>
2004-05-19 23:49 ` Chris PeBenito [this message]
2004-05-20 0:02 ` [gentoo-dev] " Tom Payne
2004-05-20 0:10 ` Max Kalika
2004-05-20 0:40 ` Carsten Lohrke
2004-05-20 12:58 ` [gentoo-dev] Re: [gentoo-web-user] " John Nilsson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1085010552.8264.18.camel@gorn.pebenito.net \
--to=pebenito@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
--cc=twp@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox