PIE is used in hardened gentoo, If PIE can't protect you against this, ssp at least could try to do it, this is the reason because -fstack-protector-all and -D_FORTIFY_SOURCE=2 are needed, and at least -fstack-protector-all is really extended in hardened gentoo.. as another security layer. .
2013/3/25, "Tóth Attila" <at...@atoth.sote.hu>: > Is gentoo-hardened better regarding the amount of unrandomized code > compared to other distros? > -- > dr Tóth Attila, Radiológus, 06-20-825-8057 > Attila Toth MD, Radiologist, +36-20-825-8057 > > 2013.Március 25.(H) 13:52 időpontban PaX Team ezt írta: >> On 25 Mar 2013 at 9:01, Kfir Lavi wrote: >> >>> Hi, >>> I'm looking for a way to reduce glibc code size. >>> It can be a way to make system smaller and minimize the impact >>> of attack vectors in glibc, as in return-to-libc attack. >> >> study this and draw your conclusions whether the whole exercise is >> worth it or not: >> >> https://www.usenix.org/conference/usenix-security-11/q-exploit-hardening-made-easy >> >> > > > >
