no more buffer overflows

Archaic archaic at indy.rr.com
Mon May 5 06:24:53 PDT 2003


On Mon, May 05, 2003 at 10:49:18AM +0200, Dan Osterrath wrote:
> http://people.redhat.com/mingo/exec-shield/
> 
> Here you can read the announce:
> http://people.redhat.com/mingo/exec-shield/ANNOUNCE-exec-shield

This looks sweet. One thing I noticed:

-----------------------------------------------------------------------
Note that the kernel will relocate every shared-library to the
ASCII-armor, but the binary address is determined at link-time. To ease
the relinking of applications to the ASCII-armor, Arjan Van de Ven has
written a binutils patch (binutils-2.13.90.0.18-elf-small.patch), which
adds a new 'ld' flag "ld -melf_i386_small" (or "gcc
-Wl,-melf_i386_small") to relink applications into the ASCII-armor. (The
patch can be found at he exec-shield URL as well.)
-----------------------------------------------------------------------

I can't figure out from that whether or not the binutils patch is
neccessary if you compile stuff _after_ switching to the patched kernel
(like building an LFS while running the patched kernel).

-- 
Archaic

-- 
Good intentions will always be pleaded for every assumption of
authority. It is hardly too strong to say that the Constitution was made
to guard the people against the dangers of good intentions. There are
men in all ages who mean to govern well, but they mean to govern. They
promise to be good masters, but they mean to be masters.

- Daniel Webster

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list