On Sun, Apr 14, 2013 at 01:43:05AM +0200, Kevin Kofler wrote:
Richard W.M. Jones wrote:
> I said it "doesn't implement full bounds checking for every C
> and I stand by that. I doesn't cover stack objects smaller than some
> cut-off size, nor any objects in static data or on the heap at all.
I never claimed it did. I said it prevents overwriting the return address on
the stack to execute arbitrary code. That's all it ever claimed to do.
What you actually said was:
"build ALL packages in Fedora with not only -fPIE and RELRO, but
also -fstack-protector-all (which is not included in the current hardened
cflags). Also get rid of prelink which reduces the effectiveness of ASLR.
Then drop SELinux which becomes obsolete if the executables cannot be
exploited in the first place. (It only papers over the real problem.)"
which I interpret to mean that after using -fstack-protector-all and
removing prelink, SELinux would become obsolete because no executable
can be exploited.
And there is no cutoff size with -fstack-protector-all.
Not true, there is still a small cutoff size and many types of object
not covered -- see Steve Grubb's email.
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org