Create an Account
username: password:
 
  MemeStreams Logo

GCC extension for protecting applications from stack-smashing attacks
search
Home Agent Weblogs Social Network Post Help About

Rattle
Picture of Rattle
Rattle's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Rattle's topics
Arts
  Literature
   Sci-Fi/Fantasy Literature
  Movies
  Music
Business
  Tech Industry
  Telecom Industry
Games
Health and Wellness
Holidays
Miscellaneous
  Humor
  MemeStreams
   Using MemeStreams
Current Events
  War on Terrorism
  Elections
Recreation
  Travel
Local Information
  SF Bay Area
   SF Bay Area News
Science
  Biology
  History
  Nano Tech
  Physics
  Space
Society
  Economics
  Futurism
  International Relations
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
  Military
  Security
Sports
Technology
  Biotechnology
  Computers
   Computer Security
    Cryptography
   Cyber-Culture
   PC Hardware
   Computer Networking
   Macintosh
   Linux
   Software Development
    Open Source Development
    Perl Programming
    PHP Programming
   Spam
   Web Design
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
GCC extension for protecting applications from stack-smashing attacks
Topic: Open Source Development 6:09 am EST, Mar  6, 2003

From Dagmar:
] Hey while I'm sitting here staring at it, here's something
] I think is pretty useful. It's a late descendant from all
] those non-executeable stack patches for gcc so you can
] build somewhat hardened binaries if you're not chronically
] addicted to rpms. This one seems to be the most reasonable
] to work with that I've seen as well. It doesn't require
] you to keep older copies of your compiler around, since you
] tell it to build protected binaries with a new -f argument
] (usually passed through CFLAGS).

Thoughts on RPM..

If you consider youself a serious admin, on any system that uses RPMs, and you can't work with SRPMs to the extent of being able to drop in patches and whatnot.. You are missing a key skillset. RPM foo is uber useful.

I keep the SRPMs handy for all the key software I'm using, so I can drop in quick patches, do quick rebuilds that are ready to push out to multiple machines, and make custom versions of stuff with ease.. I do like being able to lean on the vendor for quick updates, but I also like the ability to tweak/extend what they give me, and be able to carry along those changes. RPM is actually pretty good for this.. Its easy to drop in patches, rebuild, and push out new packages fast. My own personal rule is that if it sits on a port that any hostile networks (internet) can get at, I'm prepared to drop in patches and rebuild it at will..

There is a link on this to a page with patches and instructions for how to apply this to the RH62 RPMS. Its a simple process. You can adapt it to 7 or 8.. You can script it. Make it something you can kickstart. Etc. I've done similar.

That being said.. This is cool. I like this. I'm going to check it out.

I'm also glad to see Dagmar posting stuff.. :)

GCC extension for protecting applications from stack-smashing attacks

Thread [2] - Reply


  
 
Powered By Industrial Memetics		RSS2.0