From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1OUFfj-0002pf-T3 for garchives@archives.gentoo.org; Thu, 01 Jul 2010 09:03:04 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 81074E0C30 for ; Thu, 1 Jul 2010 09:03:03 +0000 (UTC) Received: from mail-fx0-f53.google.com (mail-fx0-f53.google.com [209.85.161.53]) by pigeon.gentoo.org (Postfix) with ESMTP id 13859E0B4E for ; Thu, 1 Jul 2010 08:10:49 +0000 (UTC) Received: by fxm19 with SMTP id 19so1092108fxm.40 for ; Thu, 01 Jul 2010 01:10:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:subject :message-id:in-reply-to:references:x-mailer:mime-version :content-type:content-transfer-encoding; bh=b1SBmtjdpvX5CS6PuEg5uDPB3RjuBb13LnB7BBbQvL0=; b=Z+MU41xHtEKVwIgHnnUAk6ej34fdxxptxW2g0NokwF+VnMB1KtpG77zesx6ProwhJb 2e6hf9mk7/rgqSTfgeUCw6/wMmivskOwzLiRIO4wcWs64Z2g7eaC87z6ULM+iggpyWeZ N42L9w0UYWuSMc1Kpg1s2c2ORmUfk7C/uN30U= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; b=gWzkm1+tmqYs7XoM+rUyZK4FpSNfQbekh84Y6slAQXHSQXTYKXMCx/cHYkCRWiWL6L bcRhy8fT5GsKuicyThcZqe379GMFU29ayat+x10yOgKETkBsRK1Ba/E4+DtvxRGN6oPa qvcaTN3HegwEa6u/Sunt5S8GNXrN+e+I+rXfo= Received: by 10.223.107.10 with SMTP id z10mr6765859fao.3.1277971849203; Thu, 01 Jul 2010 01:10:49 -0700 (PDT) Received: from Mobile-Workstation.localdomain (capgeminitop.capgemini.se [193.234.247.50]) by mx.google.com with ESMTPS id x3sm24071887fag.35.2010.07.01.01.10.48 (version=SSLv3 cipher=RC4-MD5); Thu, 01 Jul 2010 01:10:49 -0700 (PDT) Date: Thu, 1 Jul 2010 10:10:44 +0200 From: Daniel Kuehn To: gentoo-hardened@lists.gentoo.org Subject: Re: [gentoo-hardened] binary protection mechanisms in different Linux distros Message-ID: <20100701101044.0773a30b@Mobile-Workstation.localdomain> In-Reply-To: <201007010846.11482.radegand@o2.pl> References: <201007010846.11482.radegand@o2.pl> X-Mailer: Claws Mail 3.7.5 (GTK+ 2.18.9; x86_64-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Archives-Salt: cd04d511-ffc6-422b-b5ae-470cb457e66e X-Archives-Hash: ef600f544aa57984821028197d980e21 On Thu, 1 Jul 2010 08:46:11 +0100 Radoslaw Madej wrote: > Hi guys, > > I convinced the company I work for to allow me to spend some time on > reviewing different security aspects of Linux OS and different distros. As it > also involves Gentoo Hardened (which I also happily use on a daily basis), I > thought I'd share. :) > > http://labs.mwrinfosecurity.com/projectdetail.php?project=13&view=news > > There should be more to come in a near future. Any feedback appreciated :) > > Thanks to all hardened-dev for making the Hardened Gentoo happen! :) > Regards, > Radek Madej > A very good paper my friend, I enjoyed reading it :) I think you go into enough detail to keep even the less interested people reading and I hope that you manage to propagate this article (Maybe we could put a reference to it in the hardened docs?) so that more people become aware. Sure, some people are probably going to start question your testing methods and such because, like you mention in the paper, assessing security enabled on binaries can give false positives and negatives depending on how the code looks like. -- Mvh Daniel Kuehn