Hi,

On 01.03.2012 17:01, Joey Hess wrote:
> Moritz Muehlenhoff wrote:
>> 1. dpkg-buildflags exports hardened build flags. These hardened
>> build flags mitigate/nullify some classes of security
>> vulnerabilities and make exploitation of security problems more
>> difficult.
>
> At least temporarily. Are you familiar with Return Oriented
> Programming and similar technologies for getting around these
> protections?

ASLR and similar technologies can further mitigate effects of
return-to-libc and type of attacks. That would lead us back to the
grsecurity/PaX discussion we had a few weeks ago. The vanilla kernel
itself has some ASLR protection as well, although I think it is still
not enabled by default in Debian (and is perhaps weaker than PaX).

-- 
with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D

Archive: http://lists.debian.org/4f4fadda.9080...@toell.net
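An added example, not part of the original mail: a check of the two layers discussed above, the kernel's ASLR setting and the build-time properties of a binary (PIE, non-executable stack, RELRO) that decide how much of its address space ASLR can actually randomize. It assumes little-endian ELF64 files; the two sample images are constructed headers, not real binaries.

```python
import struct

ET_EXEC, ET_DYN = 2, 3
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X = 0x1

def aslr_mode(value):
    """Interpret the content of /proc/sys/kernel/randomize_va_space."""
    return {0: "off", 1: "stack, mmap and vDSO",
            2: "stack, mmap, vDSO and brk heap"}.get(int(value), "unknown")

def elf_hardening(data):
    """Report PIE, NX stack and RELRO for a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    e_type, = struct.unpack_from("<H", data, 16)
    e_phoff, = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    # ET_EXEC is loaded at a fixed address, so its code is not randomized;
    # ET_DYN (PIE executables and shared objects) can be relocated.
    result = {"pie": e_type == ET_DYN, "nx_stack": False, "relro": False}
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            result["nx_stack"] = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            result["relro"] = True
    return result

def sample_elf(e_type, segments):
    """Constructed sample: ELF64 header plus program headers, no contents."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                         64, 56, len(segments), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0)
                     for t, f in segments)
    return ident + header + phdrs

HARDENED = sample_elf(ET_DYN, [(PT_GNU_STACK, 6), (PT_GNU_RELRO, 4)])
LEGACY = sample_elf(ET_EXEC, [(PT_GNU_STACK, 7)])

if __name__ == "__main__":
    try:
        with open("/proc/sys/kernel/randomize_va_space") as fh:
            print("kernel ASLR:", aslr_mode(fh.read()))
    except OSError:
        print("kernel ASLR: not readable on this system")
    for name, image in (("hardened", HARDENED), ("legacy", LEGACY)):
        print(name, elf_hardening(image))
```

To inspect a real binary, pass the bytes of the file to `elf_hardening`.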