This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
On Tuesday 06 May 2008, Carlos O'Donell wrote: > On Mon, May 5, 2008 at 10:08 PM, Mike Frysinger <vapier@gentoo.org> wrote: > > glibc follows the general redhat policy: only daemons that are networked > > are built as PIEs with SSP. that means only nscd is built as a PIE with > > SSP enabled. Hardened Gentoo takes a more extreme approach: build the > > entire system as PIEs with SSP. > > Has anyone written up a quantitative report on the benefits of > building the whole system PIE + SSP? it's security. quantitative measuring of how secure things are really isnt doable. i dont recall ever coming across anything directly applicable/usable in my grad student work wrt security. plenty of researchers attempting to address the issue in a general non-specific matter, but that's about it. the redhat policy PIE/SSP addresses remote access, but it doesnt address local access. but that's because the redhat policy wrt local access involves selinux, not userspace technologies. -mike
Attachment:
signature.asc
Description: This is a digitally signed message part.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |