[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Improving security


I just read this interesting article on lwn:
(lwn subscriber only)

This talks about things like:
1 Stack Smash Protection
2 PAX (alternative Exec Shield)
3 Position Independent Executables.

Stack Smash Protection sounds like a cool feature to me. I don't know what the performance impact is, but as a developer even if it is to slow to use by default I would love to have it intergrated into the gcc shipped by Fedora to make debugging easier.

PAX uses tricks to get a non executable stack, and assignes random addresses to PIE executables, which Fedora already has in the form of
Exec Shield, good! But if I undertand it correctly PAX does more for example also make data pages non executable, this might be something worth looking into.

PIE we already have, good!



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]