Hardened compiling tactics...

Posted: 25 May 2018, 17:31
by n0ctilucient
For your pleasure, here's a couple of really interesting hardened compiling links...

https://security.stackexchange.com/ques ... piling-c-c
https://wiki.debian.org/Hardening#Notes ... on_Methods

Compiling tactics...

Posted: 25 May 2018, 23:10
by brokenman
The second one is OK but the first one is not interesting at all. It's five years old and talking about compiling flags.

Hardened compiling tactics...

Posted: 26 May 2018, 22:14
by n0ctilucient
"It's five years old and talking about compiling flags"
Last time I checked... exploits don't have an "age limit" on the damage they inflict if you don't deploy defenses.
Also, what it "actually" talks about is... hardened compiling flags. Which is the subject this thread addresses.
"the first one is not interesting at all"
Correct... if you are NOT interested in "hardening". Which means... you must be interested in exploits :%)

I believe the title of the first link is called...
"What is the most hardened set of options for GCC compiling C/C++?"

Hardened compiling tactics...

Posted: 27 May 2018, 00:21
by n0ctilucient
The other day I located some additional links including... a YouTube video
interviewing the creator of Alpine Linux explaining their compiling philosophy.

From my perspective...

If glibc (#1 choice of "Linux" blackhats exploiting JavaScript in memory
from the Dark Net using assembler to target a running system in realtime)
and gcc (runtime) were hardened that would be half the battle.

An enormous amount of the exploits use these two vectors.

But just imagine, harden those vectors and throw in a microkernel...
that could create a combo that could beat Alpine @ their own game.

The result would exceed the best of Alpine and MINIX 3 (Intel Sky/Kaby Lake ME?) philosophy combined.

We are talking about... a hardened, enterprise level, realtime, self healing,
high availability, mission critical, fault-tolerant computer system

There are projects already doing this but unfortunately... none combine everything.

More to follow...

Hardened compiling tactics...

Posted: 18 Jun 2018, 23:14
by n0ctilucient