-fno-stack-protector
Carlos O'Donell
carlos@systemhalted.org
Tue May 6 11:39:00 GMT 2008
On Mon, May 5, 2008 at 10:08 PM, Mike Frysinger <vapier@gentoo.org> wrote:
> glibc follows the general redhat policy: only daemons that are networked are
> built as PIEs with SSP. that means only nscd is built as a PIE with SSP
> enabled. Hardened Gentoo takes a more extreme approach: build the entire
> system as PIEs with SSP.
Has anyone written up a quantitative report on the benefits of
building the whole system PIE + SSP?
Cheers,
Carlos.
More information about the Libc-help
mailing list