Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Gentoo>
  3. Hardened
hardened experience in grsecurity forum
ps.m at gmx
Sep 26, 2004, 3:56 AM
Post #1 of 3 (1108 views)
Permalink
Hello!

On the 24. NeoMike answered to the thread
-is only grsecurity enough, or -fstack-protector

We could use those results too. I am really interested about the
experience w/ SSP and -O -O2 -O3 -O4+.
He says the best for hardened is -Os, the other optimizations "kill" SSP.

What do you think of this?

Peter

--
Peter S. Mazinger <ps dot m at gmx dot net> ID: 0xA5F059F2
Key fingerprint = 92A4 31E1 56BC 3D5A 2D08 BB6E C389 975E A5F0 59F2


____________________________________________________________________
Miert fizetsz az internetert? Korlatlan, ingyenes internet hozzaferes a FreeStarttol.
Probald ki most! http://www.freestart.hu

--
gentoo-hardened@gentoo.org mailing list
Re: hardened experience in grsecurity forum [ In reply to ]
solar at gentoo
Sep 26, 2004, 5:26 AM
Post #2 of 3 (1099 views)
Permalink
On Sun, 2004-09-26 at 06:56, Peter S. Mazinger wrote:
> Hello!
>
> On the 24. NeoMike answered to the thread
> -is only grsecurity enough, or -fstack-protector

Where is the reference thread? which list?

>
> We could use those results too. I am really interested about the
> experience w/ SSP and -O -O2 -O3 -O4+.
> He says the best for hardened is -Os, the other optimizations "kill" SSP.

Without knowing the the thread in question it's hard to make a guess as
to what he ment. But using the gcc optimization flag -O3 has been known
to be problematic with stack-smashing protector (SSP) in some
situations. This optimization flag is not encouraged by the hardened
team.

However on June 23 Etoh made a change to ssp which may of made the
optimizer when using -O3 not eliminate the protection instruments so
things may have changed.

>
> What do you think of this?
>
> Peter
--
Ned Ludd <solar@gentoo.org>
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer

Attached Files:

Re: hardened experience in grsecurity forum [ In reply to ]
ps.m at gmx
Sep 26, 2004, 5:46 AM
Post #3 of 3 (1078 views)
Permalink
On Sun, 26 Sep 2004, Ned Ludd wrote:

> On Sun, 2004-09-26 at 06:56, Peter S. Mazinger wrote:
> > Hello!
> >
> > On the 24. NeoMike answered to the thread
> > -is only grsecurity enough, or -fstack-protector
>
> Where is the reference thread? which list?

www.grsecurity.net in Forum (as I said in subject)

> >
> > We could use those results too. I am really interested about the
> > experience w/ SSP and -O -O2 -O3 -O4+.
> > He says the best for hardened is -Os, the other optimizations "kill" SSP.
>
> Without knowing the the thread in question it's hard to make a guess as
> to what he ment. But using the gcc optimization flag -O3 has been known
> to be problematic with stack-smashing protector (SSP) in some
> situations. This optimization flag is not encouraged by the hardened
> team.
>
> However on June 23 Etoh made a change to ssp which may of made the
> optimizer when using -O3 not eliminate the protection instruments so
> things may have changed.
>
> >
> > What do you think of this?
> >
> > Peter
>

--
Peter S. Mazinger <ps dot m at gmx dot net> ID: 0xA5F059F2
Key fingerprint = 92A4 31E1 56BC 3D5A 2D08 BB6E C389 975E A5F0 59F2


____________________________________________________________________
Miert fizetsz az internetert? Korlatlan, ingyenes internet hozzaferes a FreeStarttol.
Probald ki most! http://www.freestart.hu

--
gentoo-hardened@gentoo.org mailing list

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal