Hardened compiling tactics...

Talk here about security in general. Posting illegals software is prohibited. All stuffs in this forum must be considered as for "Educational purpose only".
Post Reply
User avatar
n0ctilucient
Shogun
Shogun
Posts: 424
Joined: 21 Apr 2017, 15:59
Distribution: fullmoonremix
Location: 127.0.0.1
Contact:

Hardened compiling tactics...

Post#1 by n0ctilucient » 25 May 2018, 17:31

For your pleasure, here's a couple of really interesting hardened compiling links...

https://security.stackexchange.com/ques ... piling-c-c
https://wiki.debian.org/Hardening#Notes ... on_Methods
Last edited by n0ctilucient on 16 Jun 2018, 21:22, edited 3 times in total.
:hmmm: I do NOT have the "right" to tell anyone what they should do...
but I reserve the "right" to tell them what they should "consider".

User avatar
brokenman
Site Admin
Site Admin
Posts: 5940
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v4 all desktops
Location: Brazil
Contact:

Compiling tactics...

Post#2 by brokenman » 25 May 2018, 23:10

The second one is OK but the first one is not interesting at all. It's five years old and talking about compiling flags.
How do i become super user?
Wear your underpants on the outside and put on a cape.

User avatar
n0ctilucient
Shogun
Shogun
Posts: 424
Joined: 21 Apr 2017, 15:59
Distribution: fullmoonremix
Location: 127.0.0.1
Contact:

Hardened compiling tactics...

Post#3 by n0ctilucient » 26 May 2018, 22:14

It's five years old and talking about compiling flags
Last time I checked... exploits don't have an "age limit" on the damage they inflict if you don't deploy defenses.
Also, what it "actually" talks about is... hardened compiling flags. Which is the subject this thread addresses.
the first one is not interesting at all
Correct... if you are NOT interested in "hardening". Which means... you must be interested in exploits :%)

I believe the title of the first link is called...
"What is the most hardened set of options for GCC compiling C/C++?"
Last edited by n0ctilucient on 21 Jun 2018, 02:26, edited 29 times in total.
:hmmm: I do NOT have the "right" to tell anyone what they should do...
but I reserve the "right" to tell them what they should "consider".

User avatar
n0ctilucient
Shogun
Shogun
Posts: 424
Joined: 21 Apr 2017, 15:59
Distribution: fullmoonremix
Location: 127.0.0.1
Contact:

Hardened compiling tactics...

Post#4 by n0ctilucient » 27 May 2018, 00:21

The other day I located some additional links including... a YouTube video
interviewing the creator of Alpine Linux explaining their compiling philosophy.

From my perspective...

If glibc (#1 choice of "Linux" blackhats exploiting Javascript in memory
from the Dark Net using assembler to target a running system in realtime)
and gcc (runtime) were hardened that would be half the battle.

An enormous amount of the exploits use these two vectors.

But just imagine, harden those vectors and throw in a microkernel...
that could create a combo that could beat Alpine @ their own game.

The result would exceed the best of Alpine and MINIX 3 (Intel Sky/Kaby Lake ME?) philosophy combined.

We are talking about... a hardened, enterprise level, realtime, self healing,
High availability , Mission critical , Fault-tolerant computer system

There are projects already doing this but unfortunately... none combine everything.

More to follow...
Last edited by n0ctilucient on 18 Jun 2018, 23:15, edited 1 time in total.
:hmmm: I do NOT have the "right" to tell anyone what they should do...
but I reserve the "right" to tell them what they should "consider".

User avatar
n0ctilucient
Shogun
Shogun
Posts: 424
Joined: 21 Apr 2017, 15:59
Distribution: fullmoonremix
Location: 127.0.0.1
Contact:

Hardened compiling tactics...

Post#5 by n0ctilucient » 18 Jun 2018, 23:14

:hmmm: I do NOT have the "right" to tell anyone what they should do...
but I reserve the "right" to tell them what they should "consider".

Post Reply