Hi guys,
I convinced the company I work for to allow me to spend some time on reviewing
different security aspects of Linux OS and different distros. As it also
involves Gentoo Hardened (which I also happily use on a daily basis), I
thought I'd share. :)
http://labs.mwrinfosecurity.com/project
Hi, I think it's a bad day to make comparisons with hardened gentoo.
Hardened gentoo traditionally doesn't use only -fstack-protector as
ubuntu does and some others, it use -fstack-protector-all in
everywhere it could. It's an important difference. I think that the
actually ssp bug in the last ver
On Thu, 1 Jul 2010 08:46:11 +0100
Radoslaw Madej wrote:
> Hi guys,
>
> I convinced the company I work for to allow me to spend some time on
> reviewing different security aspects of Linux OS and different distros. As it
> also involves Gentoo Hardened (which I also happily use on a daily basis),
On Thursday 01 July 2010 09:16:17 you wrote:
> Hi, I think it's a bad day to make comparisons with hardened gentoo.
>
> Hardened gentoo traditionally doesn't use only -fstack-protector as
> ubuntu does and some others, it use -fstack-protector-all in
> everywhere it could. It's an important differ
On Thu, Jul 1, 2010 at 2:08 PM, Kyle Bader wrote:
>> Javier: good point, I haven't really considered the differences between the
>> use of fstack-protector and fstack-protector-all - maybe something to do in
>> the future. Would there be a way to find out which option was used on a given
>> binar
> Javier: good point, I haven't really considered the differences between the
> use of fstack-protector and fstack-protector-all - maybe something to do in
> the future. Would there be a way to find out which option was used on a given
> binary 'post mortem'? (read: after compilation? ;))
While i
On Thursday 01 July 2010 22:09:24 you wrote:
>
> Which was mentioned in TFA, my bad.
Yep, I'm well aware of this script as this was a base of a python script I
developed for this exercise - which apart from adding RELRO checks was meant
to do some stats automatically so I didn't have to do any
Here is the output of the script with gcc 4.4.4-r1.
sh checksec.sh --file /bin/grep
RELRO STACK CANARY NXPIE FILE
Full RELRO Canary found NX enabledPIE enabled
/bin/grep
On Thu, Jul 1, 2010 at 19:12, Radoslaw Madej wrote:
> On Thurs
Probably you could check if exists ssp related code in functions that hasn't
character arrays (AFAIK this is the difference between -fstack-protector
(doesn't protect them) and -fstack-protector-all). gdb could be your friend.
2010/7/1 Radoslaw Madej
> On Thursday 01 July 2010 09:16:17 you wrote
