compiler hardening in Ubuntu and Debian « codeblog
Back in 2006, the compiler in Ubuntu was patched to enable most build-time security-hardening features (relro, stack protector, fortify source). I wasn’t able to convince Debian to do the same, so Debian went the route of other distributions, adding security hardening flags during package builds only. I remain disappointed in this approach, because it means that someone who builds software without
clean module disabling « codeblog
I think I found a way to make disabling kernel module loading (via /proc/sys/kernel/modules_disabled) easier for server admins. Right now there’s kind of a weird problem on some distros where reading /etc/modules races with reading /etc/sysctl.{conf,d}. In these cases, you can’t just put “kernel.modules_disabled=1” in the latter since you might not have finished loading modules from /etc/modules.
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
-fstack-protector-strong « codeblog
DOM scraping « codeblog
live patching the kernel « codeblog
Thanks UPS « codeblog
TPM providing /dev/hwrng « codeblog
Hardy is end of life « codeblog
facedancer built « codeblog
product search in Ubuntu 12.10 « codeblog
ARM assembly « codeblog
Link restrictions released in Linux 3.6 « codeblog
USB AVR fun « codeblog
keeping your process unprivileged « codeblog
seccomp filter now in Ubuntu « codeblog
discard, hole-punching, and TRIM « codeblog
kvm and product_uuid « codeblog
use of ptrace « codeblog
fixing vulnerabilities with systemtap « codeblog
abusing the FILE structure « codeblog