From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1OUEwq-0006kq-9l for garchives@archives.gentoo.org; Thu, 01 Jul 2010 08:16:40 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 6C475E0B9F; Thu, 1 Jul 2010 08:16:18 +0000 (UTC) Received: from mail-gx0-f181.google.com (mail-gx0-f181.google.com [209.85.161.181]) by pigeon.gentoo.org (Postfix) with ESMTP id 4F3D9E0B9F for ; Thu, 1 Jul 2010 08:16:18 +0000 (UTC) Received: by gxk24 with SMTP id 24so996827gxk.40 for ; Thu, 01 Jul 2010 01:16:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=YmJtPxs2KZYKDh3LxHQb+hzEL/RKGbOOBGEwuVntCKI=; b=fkCzOspEWDadhlOuf0Whm2g5vU24gmqRa7A313rwvh6oVpNm3aj+qrVGgs22hlRiW8 s2EZhzuYFDllRDtW29cnM+WpiaqdWiCYX1qvLOHLA6k1YxIUDYExTJMJVjD4txR4mYt/ /l9+M8/W7gOtGwX1ZWTDPJYq5N+3wJnd2yX64= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=odR8LuQjhbH3sAQShtHjLOC3h/8AzJOF9luWESc3/SnW+WiAFgfHdLrVrLbbl1aw1O 0bI+1pM9akmj3XyQ8Jd5k+REHZongqJlqU/+OOE7jhjhoWjQgvfZOLxZjeJFfaE0JaN+ EjHVkEExmvHWcLG/dHtU5ClVDB9VuS7/O75qA= Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Received: by 10.101.184.4 with SMTP id l4mr12338245anp.222.1277972177668; Thu, 01 Jul 2010 01:16:17 -0700 (PDT) Received: by 10.100.11.10 with HTTP; Thu, 1 Jul 2010 01:16:17 -0700 (PDT) In-Reply-To: <201007010846.11482.radegand@o2.pl> References: <201007010846.11482.radegand@o2.pl> Date: Thu, 1 Jul 2010 10:16:17 +0200 Message-ID: Subject: Re: [gentoo-hardened] binary protection mechanisms in different Linux distros From: =?ISO-8859-1?Q?Javier_Juan_Mart=EDnez_Cabez=F3n?= To: gentoo-hardened@lists.gentoo.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Archives-Salt: 12db8c76-7810-42f5-befa-3aac363b7e4f X-Archives-Hash: 8c5caf74a810871f8048056bcd33a1a6 Hi, I think it's a bad day to make comparisons with hardened gentoo. Hardened gentoo traditionally doesn't use only -fstack-protector as ubuntu does and some others, it use -fstack-protector-all in everywhere it could. It's an important difference.=A0I think that the actually ssp bug in the last version isn't representative of what hardened gentoo does (it's a bug, an exception). It has always shipped -fstack-protector-all everywhere. 2010/7/1 Radoslaw Madej > > Hi guys, > > I convinced the company I work for to allow me to spend some time on revi= ewing > different security aspects of Linux OS and different distros. As it also > involves Gentoo Hardened (which I also happily use on a daily basis), I > thought I'd share. :) > > http://labs.mwrinfosecurity.com/projectdetail.php?project=3D13&view=3Dnew= s > > There should be more to come in a near future. Any feedback appreciated := ) > > Thanks to all hardened-dev for making the Hardened Gentoo happen! :) > Regards, > Radek Madej >