|
version 1.33, 2017/11/07 02:37:43
|
version 1.34, 2017/11/07 02:38:59
|
|
Line 44 the meantime. This can happen in case of
|
Line 44 the meantime. This can happen in case of
|
| and therefore exposing these bugs. |
and therefore exposing these bugs. |
| |
|
| Different mitigation levels are available: |
Different mitigation levels are available: |
| |
|
| * the default ("yes"), which will only protect functions considered vulnerable |
* the default ("yes"), which will only protect functions considered vulnerable |
| by the compiler; |
by the compiler; |
| * "all", which will protect every function; |
* "all", which will protect every function; |
|
Line 56 for unsafe programming languages, such a
|
Line 57 for unsafe programming languages, such a
|
| It is enabled by default where known supported since pkgsrc-2017Q3. |
It is enabled by default where known supported since pkgsrc-2017Q3. |
| |
|
| More details can be found here: |
More details can be found here: |
| |
|
| * <https://en.wikipedia.org/wiki/Buffer_overflow_protection> |
* <https://en.wikipedia.org/wiki/Buffer_overflow_protection> |
| |
|
| ## Enabled by default in pkgsrc HEAD |
## Enabled by default in pkgsrc HEAD |
|
Line 82 This also makes the exploitation of some
|
Line 84 This also makes the exploitation of some
|
| difficult in some cases. |
difficult in some cases. |
| |
|
| Two different mitigation levels are available: |
Two different mitigation levels are available: |
| |
|
| * partial: the ELF sections are reordered so that internal data sections |
* partial: the ELF sections are reordered so that internal data sections |
| precede the program's own data sections, and non-PLT GOT is read-only; |
precede the program's own data sections, and non-PLT GOT is read-only; |
| * full: in addition to partial RELRO, every relocation is performed immediately |
* full: in addition to partial RELRO, every relocation is performed immediately |
|
Line 92 This is currently supported by GCC. Many
|
Line 95 This is currently supported by GCC. Many
|
| feature by default, at the "partial" level. |
feature by default, at the "partial" level. |
| |
|
| More details can be found here: |
More details can be found here: |
| |
|
| * <http://tk-blog.blogspot.co.at/2009/02/relro-not-so-well-known-memory.html> |
* <http://tk-blog.blogspot.co.at/2009/02/relro-not-so-well-known-memory.html> |
| |
|
| ### PKGSRC_USE_STACK_CHECK |
### PKGSRC_USE_STACK_CHECK |
![[BACK]](/icons/back.gif){kind=icon}
Return to hardening.mdwn CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [NetBSD Developer Wiki] / wikisrc / pkgsrc