You could probably check whether SSP-related code exists in functions that don't have character arrays (AFAIK this is the difference between -fstack-protector (doesn't protect them) and -fstack-protector-all). gdb could be your friend.
On Thursday 01 July 2010 09:16:17 you wrote:
> Hi, I think it's a bad day to make comparisons with hardened gentoo.
>
> Hardened Gentoo traditionally doesn't use only -fstack-protector as
> Ubuntu and some others do; it uses -fstack-protector-all
> everywhere it could. It's an important difference. I think that the
> actual ssp bug in the last version isn't representative of what
> Hardened Gentoo does (it's a bug, an exception). It has always shipped
> -fstack-protector-all everywhere.
Thanks for all the feedback :)
Javier: good point, I haven't really considered the differences between the
use of fstack-protector and fstack-protector-all - maybe something to do in
the future. Would there be a way to find out which option was used on a given
binary 'post mortem'? (read: after compilation? ;))
Regards,
Radek Madej
>
> 2010/7/1 Radoslaw Madej <radegand@o2.pl>
>
> > Hi guys,
> >
> > I convinced the company I work for to allow me to spend some time on
> > reviewing different security aspects of Linux OS and different distros.
> > As it also involves Gentoo Hardened (which I also happily use on a daily
> > basis), I thought I'd share. :)
> >
> > http://labs.mwrinfosecurity.com/projectdetail.php?project=13&view=news
> >
> > There should be more to come in a near future. Any feedback appreciated
> > :)
> >
> > Thanks to all hardened-dev for making the Hardened Gentoo happen! :)
> > Regards,
> > Radek Madej
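
One way to carry out the check suggested at the top of this thread, as an added example that is not part of the original messages: it reads `objdump -d` output and reports which functions call `__stack_chk_fail`. The sample disassembly, the function names `add` and `copy_name`, and the helper names are constructed for illustration, and the final verdict is a heuristic.

```python
import re

# Header line of a function in `objdump -d` output: "0000000000401136 <name>:"
FUNC_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")
# A call to the SSP failure handler means the function carries a canary check.
CHK_RE = re.compile(r"\bcallq?\b.*<__stack_chk_fail(_local)?(@plt)?>")
# Startup code linked in from the toolchain, not built with the project's flags.
CRT = {"_start", "_init", "_fini", "frame_dummy", "register_tm_clones",
       "deregister_tm_clones", "__do_global_dtors_aux"}

def ssp_coverage(disasm):
    """Map each function name to True if it calls __stack_chk_fail."""
    coverage, current = {}, None
    for line in disasm.splitlines():
        m = FUNC_RE.match(line.strip())
        if m:
            name = m.group(1)
            # PLT stubs and CRT helpers say nothing about the build flags.
            current = None if "@plt" in name or name in CRT else name
            if current:
                coverage[current] = False
        elif current and CHK_RE.search(line):
            coverage[current] = True
    return coverage

def guess_flag(coverage):
    """Heuristic only: full coverage is what -fstack-protector-all produces."""
    if not coverage or not any(coverage.values()):
        return "no canary checks found"
    if all(coverage.values()):
        return "consistent with -fstack-protector-all"
    return "consistent with -fstack-protector"

# Constructed, shortened x86-64 disassembly (not taken from a real binary).
SAMPLE = """
0000000000401030 <__stack_chk_fail@plt>:
  401030: jmp    *0x2fe2(%rip)
0000000000401136 <add>:
  401136: push   %rbp
  40113a: lea    (%rdi,%rsi,1),%eax
  40113e: ret
000000000040113f <copy_name>:
  40113f: sub    $0x58,%rsp
  401143: mov    %fs:0x28,%rax
  401170: sub    %fs:0x28,%rdx
  401179: je     401180 <copy_name+0x41>
  40117b: call   401030 <__stack_chk_fail@plt>
  401180: ret
"""

if __name__ == "__main__":
    cov = ssp_coverage(SAMPLE)
    print(cov, "->", guess_flag(cov))
```

To run it on a real binary, pass the text produced by `objdump -d` on that file to `ssp_coverage()` in place of `SAMPLE`.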