I was wondering if the hardened profile from Gentoo was really more secure than any other distro (like Debian, RHEL, Arch ...). For those who don't know, Gentoo hardened allows a system to be built system-wide with specific hardening GCC options (pie, ssp, relro, ...) and other few things (grsec/selinux ...).
For example, I know Arch Linux does not build all binaries with those GCC hardening flags, so does it imply some sort of concern about security?
I know OpenVPN is built without PIE and partial relro. Does this mean that if an exploit is found against OpenVPN, an Arch installation may be less secure than a Gentoo one?
TL;DR: is it a real advantage using Gentoo Hardened over any other distro in terms of security of binaries?
http://dlvr.it/S0DCnj
G:7-Security (Cyber Security Research and Global Information Security Services)
No comments:
Post a Comment