This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: -fno-stack-protector

On Tuesday 06 May 2008, Carlos O'Donell wrote:
> On Mon, May 5, 2008 at 10:08 PM, Mike Frysinger <> wrote:
> >  glibc follows the general redhat policy: only daemons that are networked
> > are built as PIEs with SSP.  that means only nscd is built as a PIE with
> > SSP enabled.  Hardened Gentoo takes a more extreme approach: build the
> > entire system as PIEs with SSP.
> Has anyone written up a quantitative report on the benefits of
> building the whole system PIE + SSP?

it's security.  quantitative measuring of how secure things are really isnt 
doable.  i dont recall ever coming across anything directly applicable/usable 
in my grad student work wrt security.  plenty of researchers attempting to 
address the issue in a general non-specific matter, but that's about it.

the redhat policy PIE/SSP addresses remote access, but it doesnt address local 
access.  but that's because the redhat policy wrt local access involves 
selinux, not userspace technologies.

Attachment: signature.asc
Description: This is a digitally signed message part.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]