Would it be feasible to include the Grsec RAP gcc plugin in Gentoo Hardened?
I think it would be a better alternative than fcf-protection.

On 24/02/19 16:16, "Tóth Attila" wrote:
> Dear Guillaume,
>
> I'm not a Gentoo Dev either.
>
> If there's a place to promote useful gcc flags from their security aspect,
> Gentoo Hardened is a good place to become a leader of such efforts - like
> it happened in the past.
>
> 1. Regarding fcf-protection:
> "Currently the x86 GNU/Linux target provides an implementation based on
> Intel Control-flow Enforcement Technology (CET)."
> - does anybody know which Intel processor actually supports that since its
> announcement in 2016?
> - it is also worth taking a look at these comments by Spender @ grsecurity:
> https://grsecurity.net/effectiveness_of_intel_cet_against_code_reuse_attacks.php
> It would be good if hardware developers would discuss their plans with
> more security experts before they put something into production.
>
> 2. Regarding stack-clash
> "Most targets do not fully support stack clash protection."
> - some information would be helpful to elaborate a little bit more on "not
> fully" and exactly which targets we are talking about. Does anybody have more
> detailed documentation?
>
> Best regards:
> Dw.
>