Expanding the list of "Hardened Packages"
Miloslav Trmač
mitr at volny.cz
Fri Apr 12 13:44:00 UTC 2013
On Thu, Apr 11, 2013 at 7:19 PM, Richard W.M. Jones <rjones at redhat.com>wrote:
> On Thu, Apr 11, 2013 at 05:19:46PM +0200, Miloslav Trmač wrote:
> > With the current setup, we get "mutating ASLR" when compiled as PIE,
>
> Surely ... you get "mutating ASLR" only when compiled as PIE
> *and* the server process restarts itself between each connection or at
> least on a regular basis (ie. it's a forking or pre-forking server, or
> the server is started on each connection by inetd/systemd)?
>
Yes - actually you need an execve(); merely forking does not change address
space layout.
Mirek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130412/e759d549/attachment.html>
More information about the devel
mailing list