* [gentoo-user] Opinions on -fstack-protector
@ 2009-08-22 19:11 Florian Philipp
2009-08-23 14:14 ` Mike Kazantsev
0 siblings, 1 reply; 3+ messages in thread
From: Florian Philipp @ 2009-08-22 19:11 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 251 bytes --]
Hi list!
I'm wondering what you think about CFLAGS="-fstack-protector"? Do you
use it on security critical systems? Do you compile your kernel with it
(2.6.30+)? Is the performance decrease noticeable?
Thanks in advance!
Florian Philipp
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 261 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [gentoo-user] Opinions on -fstack-protector
2009-08-22 19:11 [gentoo-user] Opinions on -fstack-protector Florian Philipp
@ 2009-08-23 14:14 ` Mike Kazantsev
2009-08-23 18:04 ` Florian Philipp
0 siblings, 1 reply; 3+ messages in thread
From: Mike Kazantsev @ 2009-08-23 14:14 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 489 bytes --]
On Sat, 22 Aug 2009 21:11:10 +0200
Florian Philipp <lists@f_philipp.fastmail.net> wrote:
> I'm wondering what you think about CFLAGS="-fstack-protector"? Do you
> use it on security critical systems? Do you compile your kernel with it
> (2.6.30+)? Is the performance decrease noticeable?
I might be missing a point, but if you want really secure kernel, why'd
you use 2.6.30+ instead of hardened-sources something like PaX and
grsecurity?
--
Mike Kazantsev // fraggod.net
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [gentoo-user] Opinions on -fstack-protector
2009-08-23 14:14 ` Mike Kazantsev
@ 2009-08-23 18:04 ` Florian Philipp
0 siblings, 0 replies; 3+ messages in thread
From: Florian Philipp @ 2009-08-23 18:04 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 794 bytes --]
Mike Kazantsev schrieb:
> On Sat, 22 Aug 2009 21:11:10 +0200
> Florian Philipp <lists@f_philipp.fastmail.net> wrote:
>
>> I'm wondering what you think about CFLAGS="-fstack-protector"? Do you
>> use it on security critical systems? Do you compile your kernel with it
>> (2.6.30+)? Is the performance decrease noticeable?
>
> I might be missing a point, but if you want really secure kernel, why'd
> you use 2.6.30+ instead of hardened-sources something like PaX and
> grsecurity?
>
In this particular case, the system is a vserver client. The kernel is
out of my reach. I only have control about userspace.
In general, I thought this might be a simple improvement which doesn't
need all the fuzz a hardened system would need (esp. for desktop systems
and such alike).
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 261 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2009-08-23 18:04 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-08-22 19:11 [gentoo-user] Opinions on -fstack-protector Florian Philipp
2009-08-23 14:14 ` Mike Kazantsev
2009-08-23 18:04 ` Florian Philipp
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox