Probably you could check whether SSP-related code exists in functions that don't have character arrays (AFAIK this is the difference between -fstack-protector (doesn't protect them) and -fstack-protector-all). gdb could be your friend.

2010/7/1 Radoslaw Madej

> On Thursday 01 July 2010 09:16:17 you wrote:
> > Hi, I think it's a bad day to make comparisons with hardened gentoo.
> >
> > Hardened gentoo traditionally doesn't use only -fstack-protector as
> > ubuntu does and some others, it uses -fstack-protector-all
> > everywhere it could. It's an important difference. I think that the
> > actual ssp bug in the last version isn't representative of what
> > hardened gentoo does (it's a bug, an exception). It has always shipped
> > -fstack-protector-all everywhere.
>
> Hi,
> Thanks for all the feedback :)
>
> Javier: good point, I haven't really considered the differences between the
> use of fstack-protector and fstack-protector-all - maybe something to do in
> the future. Would there be a way to find out which option was used on a given
> binary 'post mortem'? (read: after compilation? ;))
>
> Regards,
> Radek Madej
>
> > 2010/7/1 Radoslaw Madej
> >
> > > Hi guys,
> > >
> > > I convinced the company I work for to allow me to spend some time on
> > > reviewing different security aspects of Linux OS and different distros.
> > > As it also involves Gentoo Hardened (which I also happily use on a daily
> > > basis), I thought I'd share. :)
> > >
> > > http://labs.mwrinfosecurity.com/projectdetail.php?project=13&view=news
> > >
> > > There should be more to come in the near future. Any feedback appreciated
> > > :)
> > >
> > > Thanks to all hardened-dev for making the Hardened Gentoo happen! :)
> > > Regards,
> > > Radek Madej
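The check suggested at the top of this message (look for SSP code in functions that have no character arrays) can be scripted over a disassembly. This is an added example, not part of the original thread; it assumes text in the style of `objdump -d --no-show-raw-insn`, and the sample listing and the function names `add` and `copy_name` are constructed for illustration.

```python
import re

# Startup/CRT helpers come from precompiled objects, so they say nothing
# about the flags used for the program's own code.
CRT = {"_start", "_init", "_fini", "frame_dummy", "register_tm_clones",
       "deregister_tm_clones", "__do_global_dtors_aux",
       "__libc_csu_init", "__libc_csu_fini"}
HEADER = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")

# Constructed sample (not from a real binary): copy_name() has a char buffer
# and a canary check, add() has no buffer and no check.
SAMPLE = """\
0000000000001139 <add>:
    1139:  push   %rbp
    113a:  lea    (%rdi,%rsi,1),%eax
    113e:  ret
0000000000001142 <copy_name>:
    1142:  mov    %fs:0x28,%rax
    114b:  call   1030 <strcpy@plt>
    1150:  call   1040 <__stack_chk_fail@plt>
    1155:  ret
"""

def canary_map(disasm):
    """Map each function name to True if its body references __stack_chk_fail."""
    funcs, current = {}, None
    for line in disasm.splitlines():
        m = HEADER.match(line.strip())
        if m:
            name = m.group(1)
            current = None if name in CRT or "@plt" in name else name
            if current:
                funcs[current] = False
        elif current and "__stack_chk_fail" in line:
            funcs[current] = True
    return funcs

def guess_flag(disasm):
    """Heuristic verdict from the share of functions carrying a canary check."""
    funcs = canary_map(disasm)
    protected = sum(funcs.values())
    if not funcs or protected == 0:
        return "no stack protector seen"
    if protected == len(funcs):
        return "consistent with -fstack-protector-all"
    return "consistent with -fstack-protector (selective)"

if __name__ == "__main__":
    print(guess_flag(SAMPLE))
```

The verdict is only a heuristic: a program in which every function happens to contain a character array looks the same under both options.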