------------------------------------------------------------------------------
The Gentoo Hardened Multi Layered Security Approach
------------------------------------------------------------------------------

PIE - (Position Independent Executables)

Formerly referred to as etdyn, these are binaries built in a way that allows
their address space in memory to be randomized by the host operating system at
runtime. One of the advantages of this is that symbols defined in the
executable image cannot be overridden by shared libraries. Position
independence is in contrast to regular application code, which is always
loaded at the same virtual address and therefore provides predictable addresses
for common exploits.

SSP - (Stack Smashing Protection)

Formerly known as ProPolice, SSP is perhaps one of the most sophisticated yet
simplest protective compiler technologies to date. It uses canary values and
rearranges local variables and function pointers. When SSP is enabled it can
prevent many forms of the common return-to-libc attack.

ASLR - (Address Space Layout Randomization)

ASLR is the kernel-side implementation of address randomization and can
randomize a position independent executable's memory space. ASLR can be used
without PIE, but this results in a performance hit. This means that protecting
against the return-to-libc style attack (in case information about the
randomization leaks to the attacker) requires more advanced approaches. ASLR
functionality can be found in PaX (pax.grsecurity.net), which is included in
several Gentoo kernels, and also in GRSecurity (grsec-sources).

- Team Gentoo Hardened - (2004) - http://hardened.gentoo.org

Alexander Gabert
Ned Ludd
Brandon Hale
John Davis
...

The hardened team would like to thank The PaX Team, Brad Spengler and Hiroaki
Etoh for their contributions to the security community and for giving us the
framework to offer one of the strongest security solutions to date.
Additional thanks go to all the people from #gentoo-hardened on irc.freenode.net that helped out along the way.
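To verify that a binary was actually built as a PIE (an ET_DYN image that carries a program interpreter, as opposed to a fixed-address ET_EXEC), here is an added checker that is not part of the original Gentoo Hardened document; the names classify_elf and make_elf are mine, and make_elf builds constructed, non-loadable sample images so the check runs offline.

```python
import struct

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN, PT_INTERP = 2, 3, 3


def classify_elf(data: bytes) -> str:
    """Classify an ELF image from its headers:
    'exec'   - ET_EXEC, loaded at a fixed virtual address (not randomizable)
    'pie'    - ET_DYN with a PT_INTERP entry, i.e. a position independent executable
    'shared' - ET_DYN without PT_INTERP (a shared library; note a static-pie
               binary also lacks PT_INTERP and will land here)
    Handles ELF32/ELF64 and both byte orders."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    end = {1: "<", 2: ">"}[ei_data]          # EI_DATA: 1 = little, 2 = big endian
    (e_type,) = struct.unpack_from(end + "H", data, 16)
    if e_type == ET_EXEC:
        return "exec"
    if e_type != ET_DYN:
        return "other"
    if ei_class == 2:   # ELF64: e_phoff at 32, e_phentsize/e_phnum at 54/56
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    else:               # ELF32: e_phoff at 28, e_phentsize/e_phnum at 42/44
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    for i in range(e_phnum):                 # p_type is the first phdr field in both classes
        (p_type,) = struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            return "pie"
    return "shared"


def make_elf(e_type, phdr_types=(), elf64=True, little=True) -> bytes:
    """Constructed sample: a minimal ELF header followed by zeroed program
    headers of the given p_type values. Not loadable; for testing only."""
    end = "<" if little else ">"
    ident = ELF_MAGIC + bytes([2 if elf64 else 1, 1 if little else 2, 1]) + b"\0" * 9
    if elf64:
        hdr = ident + struct.pack(end + "HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                                  64, 56, len(phdr_types), 64, 0, 0)
        phdrs = b"".join(struct.pack(end + "IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0) for t in phdr_types)
    else:
        hdr = ident + struct.pack(end + "HHIIIIIHHHHHH", e_type, 3, 1, 0, 52, 0, 0,
                                  52, 32, len(phdr_types), 40, 0, 0)
        phdrs = b"".join(struct.pack(end + "IIIIIIII", t, 0, 0, 0, 0, 0, 0, 0) for t in phdr_types)
    return hdr + phdrs
```

On a real system, pass the first few kilobytes of a file read in binary mode to classify_elf; a hardened toolchain should yield 'pie' for installed executables.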