Improving security
Arjan van de Ven
arjanv at redhat.com
Thu Oct 14 15:09:55 UTC 2004
On Thu, 2004-10-14 at 06:52, Hans de Goede wrote:
> Stack Smash Protection sounds like a cool feature to me. I don't know
> what the performance impact is, but as a developer even if it is to slow
> to use by default I would love to have it intergrated into the gcc
> shipped by Fedora to make debugging easier.
you can use jakub's gcc 4 / glibc rpms and something like this too
>
> PAX uses tricks to get a non executable stack, and assignes random
> addresses to PIE executables, which Fedora already has in the form of
> Exec Shield, good! But if I undertand it correctly PAX does more for
> example also make data pages non executable, this might be something
> worth looking into.
execshield makes data pages also non executable
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20041014/efbbc8d7/attachment-0002.bin
More information about the devel
mailing list