Improving security
Hans de Goede
j.w.r.degoede at hhs.nl
Thu Oct 14 10:52:38 UTC 2004
Hi,
I just read this interesting article on lwn:
http://lwn.net/Articles/106214/
(lwn subscriber only)
This talks about things like:
1 Stack Smash Protection
2 PAX (alternative Exec Shield)
3 Position Independent Executables.
Stack Smash Protection sounds like a cool feature to me. I don't know
what the performance impact is, but as a developer even if it is to slow
to use by default I would love to have it intergrated into the gcc
shipped by Fedora to make debugging easier.
PAX uses tricks to get a non executable stack, and assignes random
addresses to PIE executables, which Fedora already has in the form of
Exec Shield, good! But if I undertand it correctly PAX does more for
example also make data pages non executable, this might be something
worth looking into.
PIE we already have, good!
Regards,
Hans
More information about the fedora-devel-list
mailing list