MemeStreams | MemeStreams Discussion

Create an Account

This page contains all of the posts and discussion on MemeStreams referencing the following web page: GCC extension for protecting applications from stack-smashing attacks. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

GCC extension for protecting applications from stack-smashing attacks by Dagmar at 2:01 am EST, Mar 6, 2003
Hey while I'm sitting here staring at it, here's something I think is pretty useful. It's a late descendant from all those non-executeable stack patches for gcc so you can build somewhat hardened binaries if you're not chronically addicted to rpms. This one seems to be the most reasonable to work with that I've seen as well. It doesn't require you to keep older copies of your compiler around, since you tell it to build protected binaries with a new -f argument (usually passed through CFLAGS).
Link - Reply

GCC extension for protecting applications from stack-smashing attacks
by Rattle at 6:09 am EST, Mar 6, 2003

From Dagmar:
] Hey while I'm sitting here staring at it, here's something
] I think is pretty useful. It's a late descendant from all
] those non-executeable stack patches for gcc so you can
] build somewhat hardened binaries if you're not chronically
] addicted to rpms. This one seems to be the most reasonable
] to work with that I've seen as well. It doesn't require
] you to keep older copies of your compiler around, since you
] tell it to build protected binaries with a new -f argument
] (usually passed through CFLAGS).

Thoughts on RPM..

If you consider youself a serious admin, on any system that uses RPMs, and you can't work with SRPMs to the extent of being able to drop in patches and whatnot.. You are missing a key skillset. RPM foo is uber useful.

I keep the SRPMs handy for all the key software I'm using, so I can drop in quick patches, do quick rebuilds that are ready to push out to multiple machines, and make custom versions of stuff with ease.. I do like being able to lean on the vendor for quick updates, but I also like the ability to tweak/extend what they give me, and be able to carry along those changes. RPM is actually pretty good for this.. Its easy to drop in patches, rebuild, and push out new packages fast. My own personal rule is that if it sits on a port that any hostile networks (internet) can get at, I'm prepared to drop in patches and rebuild it at will..

There is a link on this to a page with patches and instructions for how to apply this to the RH62 RPMS. Its a simple process. You can adapt it to 7 or 8.. You can script it. Make it something you can kickstart. Etc. I've done similar.

That being said.. This is cool. I like this. I'm going to check it out.

I'm also glad to see Dagmar posting stuff.. :)