do I need to re-compile ALL apps?

Post by newbie123 » Wed Oct 11, 2006 7:41 am

Hi,

If I understood it correctly, I have to re-compile all my apps on my linux box after patching my kernel with stack smashing protection and random address layout.

As I read, it seems that I need to replace my binutils with the patched version and I need a gcc-patch (the pro-police add-on?) -- is this correct too?
newbie123
 
Posts: 1
Joined: Wed Oct 11, 2006 7:31 am

Post by Thrawn » Wed Oct 11, 2006 8:47 am

Yes, you have to recompile all packages with an ssp/pie patched gcc. Also, binutils must be patched for pax flags.

I would suggest not doing it yourself but using a distro that does it by default, e.g. Hardened Gentoo, Adamantix or hlfs.
Thrawn
 
Posts: 35
Joined: Wed Nov 23, 2005 9:54 am

Re: do I need to re-compile ALL apps?

Post by PaX Team » Wed Oct 11, 2006 6:18 pm

newbie123 wrote: if I understood it correctly, I have to re-compile all my apps on my linux box after patching my kernel with stack smashing protection and random address layout.

As I read, it seems that I need to replace my binutils with the patched version and I need a gcc-patch (the pro-police add-on?) -- is this correct too?

for ssp (propolice) and PIE (randomizable main executable) you have to recompile, for PT_PAX_FLAGS you don't, the latest paxctl can add it to a binary directly (-C switch, which you should use after -c fails). ssp needs a gcc patch, PIE is supported by vanilla gcc these days (since 3.3+ or so), you no longer need the old trickery. as suggested above, you're probably better off not rolling your own distro but using an existing one that provides all these features.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
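
Added example (not part of the thread and not code from PaX, grsecurity or paxctl): a small ELF audit that reports which binaries already carry PIE, ssp and a PT_PAX_FLAGS header, and maps what is missing to the fix described in the replies above. The function names are hypothetical, the sample ELF images are constructed, and the two ssp symbol names (__stack_chk_fail, __stack_smash_handler) are assumptions about what an ssp-built binary references.

```python
import struct

ET_EXEC, ET_DYN = 2, 3
PT_PAX_FLAGS = 0x65041580  # PT_LOOS + 0x5041580: the program header paxctl creates
# Assumed ssp markers: newer gcc ssp / old ProPolice patch (heuristic only).
SSP_SYMBOLS = (b"__stack_chk_fail", b"__stack_smash_handler")

def audit_elf(data):
    """Return which hardening features an ELF image (bytes) already carries."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                   # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = little endian
    e_type = struct.unpack_from(end + "H", data, 16)[0]
    if is64:
        e_phoff = struct.unpack_from(end + "Q", data, 32)[0]
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        e_phoff = struct.unpack_from(end + "I", data, 28)[0]
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    p_types = [struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)[0]
               for i in range(e_phnum)]
    return {
        "pie": e_type == ET_DYN,          # also true for shared libraries
        "pax_flags": PT_PAX_FLAGS in p_types,
        "ssp": any(sym in data for sym in SSP_SYMBOLS),
    }

def remediation(report):
    """Map missing features to the fix named in the thread."""
    steps = []
    if not (report["pie"] and report["ssp"]):
        steps.append("recompile")         # PIE and ssp are compile-time properties
    if not report["pax_flags"]:
        steps.append("paxctl -c, then -C if that fails")
    return steps

def sample_elf32(e_type, p_types, tail=b""):
    """Constructed input: minimal little-endian ELF32 header plus program headers."""
    ehdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", e_type, 3, 1, 0, 52, 0, 0, 52, 32, len(p_types), 0, 0, 0)
    phdrs = b"".join(struct.pack("<8I", t, 0, 0, 0, 0, 0, 0, 0) for t in p_types)
    return ehdr + phdrs + tail

if __name__ == "__main__":
    plain = sample_elf32(ET_EXEC, [1])    # PT_LOAD only, fixed-address executable
    print(audit_elf(plain), remediation(audit_elf(plain)))
```

To audit a real system, pass the bytes of each installed binary to audit_elf(); a True "pie" on a file that is actually a shared library is expected.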

