On Sun, Mar 31, 2013 at 01:09:36AM +0100, Kevin Kofler wrote:
> Dhiru Kholia wrote:
> > Any feedback is welcome!
>
> My proposal: build ALL packages in Fedora with not only -fPIE and RELRO, but also -fstack-protector-all (which is not included in the current hardened cflags). Also get rid of prelink which reduces the effectiveness of ASLR. Then drop SELinux which becomes obsolete if the executables cannot be exploited in the first place. (It only papers over the real problem.)
I know you're trolling here, but there are some misconceptions that should be corrected:
(1) -fstack-protector{,-all} doesn't implement full bounds checking for every C object.
(2) SELinux controls what labelled resources a process can access. This covers far more than buffer overflows in C programs. It covers other programming languages, design flaws and implementation 'thinko's of all sorts. I would argue (separate from this) that it's good to define precisely what resources a program can access, rather than the default "access just about everything".
However prelink does reduce the effectiveness of ASLR (a bit). See http://lwn.net/Articles/341440/ and follow-up conversation.
Rich.
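
Point (1) above, as an added example that is not part of the original message: an out-of-bounds copy that stays inside one C object never reaches the stack canary, so the function returns normally even when built with -fstack-protector-all. The struct and both function names are hypothetical, and the unchecked copy is modelled as a write through the whole struct so the program stays well defined.

```c
#include <stdio.h>
#include <string.h>

struct account {
    char name[8];
    int  is_admin;   /* sits directly after name[] inside the same object */
};

/* Models an unchecked copy into name[]. The write goes through the whole
 * struct and is clamped to sizeof(*a), so behaviour is well defined while
 * showing the effect: bytes past name[] land in is_admin, the canary is
 * never touched, and no stack-smashing abort is triggered. */
int copy_name_unchecked(struct account *a, const void *src, size_t n)
{
    if (n > sizeof(*a))
        n = sizeof(*a);
    memcpy(a, src, n);
    return a->is_admin;
}

/* The explicit bounds check that the compiler flag does not add. */
int copy_name_checked(struct account *a, const void *src, size_t n)
{
    if (n > sizeof(a->name))
        return -1;               /* reject instead of spilling over */
    memcpy(a->name, src, n);
    return a->is_admin;
}

int main(void)
{
    /* Constructed input: as many 'A' bytes as the whole struct holds. */
    unsigned char input[sizeof(struct account)];
    struct account a = { "", 0 }, b = { "", 0 };
    int rc;

    memset(input, 'A', sizeof(input));
    printf("unchecked: is_admin changed = %d\n",
           copy_name_unchecked(&a, input, sizeof(input)) != 0);
    rc = copy_name_checked(&b, input, sizeof(input));
    printf("checked:   rc = %d, is_admin = %d\n", rc, b.is_admin);
    return 0;
}
```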