Oh my god, don't do that! Your program will have a single aspect of randomness.
If you leave it as it is, it has 6 .so's with independent random placement, and 4 of them (sshd, ld.so, libc.so, and libcrypto.so) are randomly linked at boot. These independent randomness are an incomplete but strong mitigation against ROP attack methods. What you are trying to do is counter productive. Erling Westenvik <[email protected]> wrote: > Hi! > In the past, at least into several 6.x releases, I was able to produce a > statically linked sshd(8) binary like this: > > # cd /usr/src/usr.bin/ssh > # make clean > # make LDSTATIC=-static lib sshd > # strip /usr/src/usr.bin/ssh/sshd/sshd > > On a fresh 7.2 install however, the above won't do anymore. > > (It stops dead complaining about the "lib"-part in LDSTATIC=. When > trying without "lib" it goes on for a while but ends with complaints > about malloc-something. As you probabley understand by now, I'm not > exactly a wizard.. : ) > > Anyone up for outlining a simple "how-to"? > > Kind regards, > > Erling >
