nigelenki at comcast
Sep 22, 2004, 8:54 AM
-----BEGIN PGP SIGNED MESSAGE-----
Stack smash protected daemons
It may be prudent to use extra protection on certain ebuilds in standard
Gentoo profiles where the changes would be significant in the case of a
security fault in the program. Such programs as daemons and chmod()+s
programs would be major targets for this sort of thing.
The most immediately apparent route to take would be to have ebuilds
such as openssh, apache, and su stack smash protected. This would
prevent common buffer overflow attacks from being used to compromise
security; such attacks would only cause the program attacked to abort,
which could still be used as a Denial of Service attack, but would not
allow successful intrusion.
Gentoo ships gcc with stack smash protection built in. This is
activated by -fstack-protector or -fstack-protector-all. It would be
feasible to add one of these flags to an ebuild based on a FEATURES or
I believe it would be a good idea to have such a FEATURES or USE flag on
by default in all profiles where SSP is supported. In this manner, the
major targets of security attacks would automatically be protected;
while still allowing the user to disable the protection if the user
desires. Users wanting more protection can simply add -fstack-protector
to CFLAGS, or use Hardened Gentoo.
Any comments? Would this be more suitable as a USE or a FEATURES setting?
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
gentoo-security [at] gentoo mailing list