propolice for GCC?
Ryan Dooley
dooleyr at missouri.edu
Wed Dec 10 11:23:14 PST 2003
Hello,
> It is a modification of gcc, not stack protection built into the kernel.
> That's just showing the symbol inside the kernel binary, thus showing
> that the kernel was compiled with gcc that had the propolice modification.
> I can't think of any benefit from compiling the kernel with propolice,
> only from compiling userland items and libraries with it. I think it would
> be ok to build world with it by default but not on by default for
> everything else.
Why not have propolice build the kernel as well? If it catches a stack
overflow propolice should shut it down with the handler. This should
protect against LKM stack exploits (unless I'm really missing something
which would not be unusual :-)
> Since a new gcc is in the pipeline for the next few months, has anyone
> looked at adding these patches to gcc-3.3 or 3.4?
Yes, there are 3.3 patches available as well.
Cheers,
Ryan