From mboxrd@z Thu Jan  1 00:00:00 1970
From: voices <voices@metallicrain.com>
Subject: Re: -fpie or ssp (IBM stack hardening)
Date: Wed, 09 Feb 2005 21:03:08 +0100
Message-ID: <cudtni$aqs$1@sea.gmane.org>
References: <1107957106.9884.192.camel@master.vms.security> <420A6E75.60203@hub.net.nz>
Reply-To: voices@metallicrain.com
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
In-Reply-To: <420A6E75.60203@hub.net.nz>
Sender: xen-devel-admin@lists.sourceforge.net
Errors-To: xen-devel-admin@lists.sourceforge.net
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.sourceforge.net>
List-Help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
To: xen-devel@lists.sourceforge.net
List-Id: xen-devel@lists.xenproject.org

Jerome Brown wrote:
> B.G. Bruce wrote:
> 
>>Has anyone looked into how compatible XEN is with pie (-fpie) or ssp?
> 

Yes, I've tried it on gentoo-hardened with PIE(ET_DYN)/SSP.
I works without any problems.

But .. Is there any other purpose in compiling the system as PIE, other 
than for using PaX ?

Unfortunately, nobody is porting PaX to XEN ... very bad, especially if 
we're talking about secure systems.

Lack of PaX for XEN prevents me from using xen on my servers.

-- 
voices (at) metallicrain (dot) com



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click