Hi,
I just read this interesting article on lwn: http://lwn.net/Articles/106214/ (lwn subscriber only)
This talks about things like: 1 Stack Smash Protection 2 PAX (alternative Exec Shield) 3 Position Independent Executables.
Stack Smash Protection sounds like a cool feature to me. I don't know what the performance impact is, but as a developer even if it is to slow to use by default I would love to have it intergrated into the gcc shipped by Fedora to make debugging easier.
PAX uses tricks to get a non executable stack, and assignes random addresses to PIE executables, which Fedora already has in the form of
Exec Shield, good! But if I undertand it correctly PAX does more for example also make data pages non executable, this might be something worth looking into.
PIE we already have, good!
Regards,
Hans
