This is an old revision of the document!


Owl security features

Kernel

Strong password cryptography

Network address based access control

Integrity checking

Address Space Layout Randomisation (ASLR)

Stack ASLR

...

NX bit

Mmap min address protection

Module loading

Userland

Source code review

Privileges

Configuration and administration facilities

====

GCC and glibc features

Stack Protector

Heap Protector

Non-Executable Memory

Fromat security

Fortify source

Position Independent Executable (PIE)

Relro and bind now

Owl packages built with these GCC features

Packages Fortify Stack protector PIE Relro Full relro
Pkg1

Use the checksec.sh shell script to check the mitigation techniques that are built on binaries. This script can also check some Linux kernel protection mechanisms.

Additional documentation

Owl/security.1301619755.txt · Last modified: 2011/04/01 03:02 by tixxdz
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Donate to DokuWiki Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki Powered by OpenVZ Powered by Openwall GNU/*/Linux