On Wed, 26 Jan 2005 08:21:30 -0600, Andrew Baudouin <[EMAIL PROTECTED]> wrote: > AFAIK Linux offers propolice, a stack protection mechanism.
Its a gcc offer http://www.research.ibm.com/trl/projects/security/ssp/ > It is well implemented under the Gentoo platform. Not sure about which > other distributions currently offer implementations of this security > technique. Debian: http://wiki.debian-hardened.org/SSP/ProPolice_Implementations Slackware: http://root.justdied.com/mylife/index.php?p=135 FreeBSD: http://www.research.ibm.com/trl/projects/security/ssp/buildfreebsd.html OpenBSD: http://www.shiningsilence.com/dbsdlog/archives/000338.html OpenDarwin: http://optimist.sdf-eu.org/propolice-darwin.html on OpenBSD and DragonFly ProPolice is enabled by default > >From personal experience I can tell you that building a desktop system > with these security enhancements proved difficult if not impossible. O.o Slowly backaway from the keyboard.... > I seem to remember difficulties running any kind of X with > propolice/PaX. Seems that it has been implemented in OpenBSD 3.3 and > later.... My kids computer has been running hardened gentoo for at least a year now, I have had no problems compileing with these protections enabled. I have also not had much trouble useing ssp+pie protctions when building uclibc based embedded systems.
