Minimalist builds untested
Posted Aug 31, 2006 15:01 UTC (Thu) by
cventers (subscriber, #31465)
In reply to:
Minimalist builds untested by xoddam
Parent article:
Gentoo Linux 2006.1 released
Perhaps, but one thing I find interesting about building your system from
source (and then prelinking your magic blend) is that it would presumably
make things much more difficult for someone that wanted to inject
shellcode through an overflow vulnerability. If you want to target a
bunch of Linux systems, you can go after a distribution like Red Hat
where everyone is running exactly the same binaries.
In a world like Gentoo, though, they're running the same software, but
all with different combinations of features and load addresses. How do
write shellcode to jump to a different function in the app if everyone's
compiler has put the function at a different address or GOT offset, for
reasons of different compiler versions, USE flags, etc?
That doesn't alleviate the problem the way some other solutions (like
PaX) do, but I don't think that property could hurt at all -- certainly
not if our systems were facing a threat from a worm, for example.
(
Log in to post comments)
