On Sun, Mar 31, 2013 at 5:11 PM, Richard W.M. Jones <rjones@redhat.com> wrote:
On Sun, Mar 31, 2013 at 01:09:36AM +0100, Kevin Kofler wrote:
> Dhiru Kholia wrote:
> > Any feedback is welcome!
> My proposal: build ALL packages in Fedora with not only -fPIE and RELRO, but
> also -fstack-protector-all (which is not included in the current hardened
> cflags). Also get rid of prelink which reduces the effectiveness of ASLR.
> Then drop SELinux which becomes obsolete if the executables cannot be
> exploited in the first place. (It only papers over the real problem.)

I know you're trolling here, but there are some misconceptions that
should be corrected:

(1) -fstack-protector{,-all} doesn't implement full bounds checking
for every C object.

(2) SELinux controls what labelled resources a process can access.
This covers far more than buffer overflows in C programs.  It covers
other programming languages, design flaws and implementation 'thinko's
of all sorts.  I would argue (separate from this) that it's good to
define precisely what resources a program can access, rather than the
default "access just about everything".

However prelink does reduce the effectiveness of ASLR (a bit).  See
http://lwn.net/Articles/341440/ and follow-up conversation.

Probably something had changed in the last years. I have posted the same question, or related, some time ago