On 31/12/14 04:47 AM, Pierre Schmitz wrote:
> Am 26.12.2014 01:56, schrieb Allan McRae:
>> I am not in favour of using the hardening script because I don't find it
>> adheres to what we consider KISS. Our build system is supposed to be
>> simple and entirely transparent when looking at the PKGBUIL
Am 26.12.2014 01:56, schrieb Allan McRae:
I am not in favour of using the hardening script because I don't find
it
adheres to what we consider KISS. Our build system is supposed to be
simple and entirely transparent when looking at the PKGBUILD and
default
makepkg.conf. Any user can run "abs
On 26/12/14 12:01, Daniel Micay wrote:
> I'll continue waiting to see what happens with the GCC patches but I'm
> not too optimistic about that. The reasoning behind the rejection of the
> past bugs / patches was primarily that this should be handled in
> autotools (ignoring that most projects don'
On 25/12/14 07:56 PM, Allan McRae wrote:
>
> I'd guess it has a good change to be included in gcc-5.0. If it gets
> committed I can backport immediately.
>
> I am not in favour of using the hardening script because I don't find it
> adheres to what we consider KISS.
I can understand that. It wo
On 19/12/14 09:31, Daniel Micay wrote:
> The only real barrier to enabling it is the lack of support in GCC for
> simply flipping it on by default. Library code is already built with -fPIC
> and is then linked with -shared. Full ASLR requires building the executable
> code with -fPIE (or -fPIC, whi
> The problem is that it's important for anything doing networking, any
> executable with setuid/setcap/setgid and anything run by users on
> untrusted input like image viewers, text editors and tools like file and
> strings. If `python` or `ruby` isn't PIE, then it's trivial to exploit
> heap buff
On Thu, 18 Dec 2014 18:31:57 -0500
Daniel Micay wrote:
> Arch's single biggest security weakness is that it's not benefiting
> from address space layout randomization (ASLR). Fixing this issue
> would be a major step towards being a leader in this area. Many
> distributions enable ASLR, stack prot
On 21/12/14 06:44 PM, Allan McRae wrote:
> On 22/12/14 06:53, Daniel Micay wrote:
>
> Yet we have already rebuilt ALL packages since adding this default.The
> static libraries left have no shared coutnerpart.
Ah, I forgot that there was a rebuild for that already. They'd just need
to be rebuilt ag
On 22/12/14 06:53, Daniel Micay wrote:
> One more thing to note about this is that we'd need to do a rebuild of
> the remaining 186 packages with static libraries. In many cases, those
> libraries will probably just vanish thanks to the !staticlibs default.
Yet we have already rebuilt ALL packages
One more thing to note about this is that we'd need to do a rebuild of
the remaining 186 packages with static libraries. In many cases, those
libraries will probably just vanish thanks to the !staticlibs default.
Static libraries aren't currently built as position independent unless
they're meant
On 21/12/14 04:51 AM, Lukas Jirkovsky wrote:
> Hello Daniel,
> thank you for the detailed explanation.
>
>> The address of dynamic libraries, the stack and the heap (both sbrk and
>> the mmap base) is already randomized today so the backtrace is already
>> going to include randomized addresses for
Hello Daniel,
thank you for the detailed explanation.
> The address of dynamic libraries, the stack and the heap (both sbrk and
> the mmap base) is already randomized today so the backtrace is already
> going to include randomized addresses for anything defined in a library.
Sure, but knowing at
On 19/12/14 03:50 AM, Lukas Jirkovsky wrote:
>
> No matter how much I like the idea of making Arch more secure, there
> is one thing that makes compiling the whole system with ASLR one big
> no-go for me (please correct me if I'm wrong). As far as I know, the
> ASLR makes core dumps completely usel
On 19 December 2014 at 00:31, Daniel Micay wrote:
> Arch's single biggest security weakness is that it's not benefiting from
> address space layout randomization (ASLR). Fixing this issue would be a
> major step towards being a leader in this area. Many distributions enable
> ASLR, stack protector
Arch's single biggest security weakness is that it's not benefiting from
address space layout randomization (ASLR). Fixing this issue would be a
major step towards being a leader in this area. Many distributions enable
ASLR, stack protector, etc. for a chosen set of "security critical" stuff
but ve
15 matches
Mail list logo
