On Sun, Mar 31, 2013 at 01:09:36AM +0100, Kevin Kofler wrote:I know you're trolling here, but there are some misconceptions that
> Dhiru Kholia wrote:
> > Any feedback is welcome!
>
> My proposal: build ALL packages in Fedora with not only -fPIE and RELRO, but
> also -fstack-protector-all (which is not included in the current hardened
> cflags). Also get rid of prelink which reduces the effectiveness of ASLR.
> Then drop SELinux which becomes obsolete if the executables cannot be
> exploited in the first place. (It only papers over the real problem.)
should be corrected:
(1) -fstack-protector{,-all} doesn't implement full bounds checking
for every C object.
(2) SELinux controls what labelled resources a process can access.
This covers far more than buffer overflows in C programs. It covers
other programming languages, design flaws and implementation 'thinko's
of all sorts. I would argue (separate from this) that it's good to
define precisely what resources a program can access, rather than the
default "access just about everything".
However prelink does reduce the effectiveness of ASLR (a bit). See
http://lwn.net/Articles/341440/ and follow-up conversation.