On Thu, Mar 01, 2012 at 12:01:12PM -0400, Joey Hess wrote:
> Moritz Muehlenhoff wrote:
> > 1. dpkg-buildflags exports hardened build flags. These hardened build
> > flags mitigate/nullify some classes of security vulnerabilities and
> > make exploitation of security problems more difficult.
>
> At least temporarily. Are you familiar with Return Oriented Programming
> and similar technologies for getting around these protections?

This is why everyone should run 64-bit systems and build with hardening
fully enabled:

    export DEB_BUILD_MAINT_OPTIONS = hardening=+all

In this situation, you've got NX for sure, full ASLR in a large memory
space, stack protector, and the libc fortifications in place. It'll always
be an arms race, but why knowingly be behind? :)

-Kees

--
Kees Cook @debian.org
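
An added example, not part of the message above: one way to confirm that a built binary actually carries the protections listed there (NX, PIE for full ASLR, RELRO and BIND_NOW, stack protector, fortified libc calls) by reading `readelf` output. The function name `check_hardening` and both sample excerpts are constructed for illustration.

```shell
#!/bin/sh
# Usage on a real binary (needs binutils):
#   readelf -W -h -l -d -s ./binary | check_hardening

# Reads readelf output on stdin, prints one "feature=yes|no" line each.
check_hardening() {
    dump=$(cat)
    report() {  # $1 = feature name, $2 = extended regex that proves it
        if printf '%s\n' "$dump" | grep -Eq "$2"; then
            echo "$1=yes"
        else
            echo "$1=no"
        fi
    }
    # PIE: ELF type DYN, so ASLR can also randomise the executable's base.
    report pie 'Type:[[:space:]]+DYN'
    # NX: the GNU_STACK segment is RW, not RWE.
    report nx 'GNU_STACK.*[[:space:]]RW[[:space:]]'
    # RELRO segment present; with BIND_NOW the whole GOT ends up read-only.
    report relro 'GNU_RELRO'
    report bindnow 'BIND_NOW|FLAGS_1.*NOW'
    # Stack protector: the canary failure handler is referenced.
    report stackprotector '__stack_chk_fail'
    # Fortify: at least one checked libc variant such as __memcpy_chk.
    report fortify '__[a-z0-9_]+_chk([@[:space:]]|$)'
}

# Constructed readelf excerpts: a fully hardened binary and a plain one.
hardened_sample() {
cat <<'EOF'
  Type:                              DYN (Position-Independent Executable file)
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10
  GNU_RELRO      0x002d90 0x0000000000003d90 0x0000000000003d90 0x000270 0x000270 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __memcpy_chk@GLIBC_2.3.4 (4)
EOF
}
plain_sample() {
cat <<'EOF'
  Type:                              EXEC (Executable file)
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x10
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.14 (2)
EOF
}

hardened_sample | check_hardening
plain_sample | check_hardening
```

A `no` for stackprotector or fortify only means no protected function was emitted; small binaries with no stack buffers or no fortifiable libc calls can legitimately show it.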