On Thu, 27 Jan 2005 18:06:02 -0600, Eric G Ortego <[EMAIL PROTECTED]> wrote:
> On Wed, 26 Jan 2005 08:21:30 -0600, Andrew Baudouin <[EMAIL PROTECTED]> wrote:
> > AFAIK Linux offers propolice, a stack protection mechanism.
>
> It's a gcc offer http://www.research.ibm.com/trl/projects/security/ssp/

Thanks for your attention to detail. ;) I'm sure you know that I understand the difference between the GNU Compiler Collection and the kernel, it's just easier to refer to the OS containing the tools as Linux.

> Debian: http://wiki.debian-hardened.org/SSP/ProPolice_Implementations
> Slackware: http://root.justdied.com/mylife/index.php?p=135
> FreeBSD:
> http://www.research.ibm.com/trl/projects/security/ssp/buildfreebsd.html
> OpenBSD: http://www.shiningsilence.com/dbsdlog/archives/000338.html
> OpenDarwin: http://optimist.sdf-eu.org/propolice-darwin.html
> on OpenBSD and DragonFly ProPolice is enabled by default

That's two Linux distributions. The others are not Linux. So, there are 2 other vendors besides Gentoo that implement it.

> > From personal experience I can tell you that building a desktop system
> > with these security enhancements proved difficult if not impossible.
>
> O.o Slowly back away from the keyboard....
>
> > I seem to remember difficulties running any kind of X with
> > propolice/PaX. Seems that it has been implemented in OpenBSD 3.3 and
> > later....
>
> My kids computer has been running hardened Gentoo for at least a year
> now, I have had no problems compiling with these protections enabled.
> I have also not had much trouble using ssp+pie protections when
> building uclibc based embedded systems.

When I tried to build a system with these protections I couldn't build X. This was in early 2003 on a K7-SMP box. I don't doubt that things have changed since then.
