On Sun, Mar 31, 2013 at 01:09:36AM +0100, Kevin Kofler wrote:
> Dhiru Kholia wrote:
> > Any feedback is welcome!
>
> My proposal: build ALL packages in Fedora with not only -fPIE and RELRO, but
> also -fstack-protector-all (which is not included in the current hardened
> cflags). Also get rid of prelink which reduces the effectiveness of ASLR.
> Then drop SELinux which becomes obsolete if the executables cannot be
> exploited in the first place. (It only papers over the real problem.)

I know you're trolling here, but there are some misconceptions that
should be corrected:
(1) -fstack-protector{,-all} doesn't implement full bounds checking
for every C object.
(2) SELinux controls what labelled resources a process can access.
This covers far more than buffer overflows in C programs. It covers
other programming languages, design flaws and implementation 'thinko's
of all sorts. I would argue (separate from this) that it's good to
define precisely what resources a program can access, rather than the
default "access just about everything".
However prelink does reduce the effectiveness of ASLR (a bit). See
http://lwn.net/Articles/341440/ and follow-up conversation.
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/
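
Point (1) in the message above, as an added example that is not part of the original e-mail: a simplified C model of a canary-protected stack frame, showing which out-of-bounds writes the guard check notices and which it does not. The struct layout, constants and function names are assumptions made for illustration, not GCC's actual frame layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CANARY 0x00c0ffee1badd00dULL   /* constructed guard value */
#define RET    0x0000000000401136ULL   /* constructed return address */

/* Fields of one struct are never reordered, so name[] sits right before is_admin. */
struct session { char name[16]; uint32_t is_admin; };
/* Assumed frame model: locals, then the guard, then the saved return address. */
struct frame { struct session s; uint64_t canary; uint64_t saved_ret; };
enum outcome { CLEAN, SILENT_CORRUPTION, ABORTED_BY_CANARY };

static void frame_init(struct frame *f) {
    memset(f, 0, sizeof *f);
    f->canary = CANARY;
    f->saved_ret = RET;
}

/* What the function epilogue does: it compares the guard value and nothing else. */
static enum outcome epilogue(const struct frame *f) {
    if (f->canary != CANARY) return ABORTED_BY_CANARY;
    if (f->s.is_admin != 0 || f->saved_ret != RET) return SILENT_CORRUPTION;
    return CLEAN;
}

/* Unchecked linear copy of n bytes starting at s.name (offset 0 of the frame). */
enum outcome linear_write(size_t n) {
    struct frame f;
    unsigned char src[sizeof f];
    frame_init(&f);
    memset(src, 0x41, sizeof src);
    if (n > sizeof f) n = sizeof f;      /* keep the model itself in bounds */
    memcpy(&f, src, n);
    return epilogue(&f);
}

/* Unchecked indexed store at byte offset off: it can skip over the guard. */
enum outcome indexed_write(size_t off) {
    struct frame f;
    frame_init(&f);
    if (off < sizeof f) ((unsigned char *)&f)[off] ^= 0xff;
    return epilogue(&f);
}

int main(void) {   /* in bounds, into the neighbouring field, across the guard */
    printf("%d %d %d\n", linear_write(16), linear_write(sizeof(struct session)),
           linear_write(sizeof(struct frame)));   /* prints: 0 1 2 */
    return 0;
}
```

Only the write that crosses the guard is reported; the overflow into the adjacent struct field and the indexed store past the guard both return normally, which is the gap between a stack protector and per-object bounds checking.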