Explore compile-time hardening techniques for enhancing security in Linux systems through this 37-minute conference talk presented by ChulWoo Lee from The Affiliated Institute of ETRI. Delve into the importance of compile-time hardening, control flow hijacking, and various mitigation techniques. Gain insights into LLVM SafeStack and Control Flow Integrity (CFI) concepts. Learn how to rebuild security-critical program binaries, including Systemd packages, target packages, services, and setuid/setgid programs, with SafeStack and CFI implementations. Discover valuable lessons learned and practical conclusions for improving the security posture of Linux systems through compile-time hardening options.
Lessons Learned Applying Compile-time Hardening Options for Security-Critical Programs in Linux
Overview
Syllabus
Intro
Why Compile-time Hardening is important?
Control Flow Hijacking
Mitigation Techniques
The Concept of LLVM SafeStack
LLVM CFI
Security-Critical Program Binary
Rebuilding with Safestack and CFI
Rebuilding for Systemd Package
Checking security status of Systemd
Rebuilding for Target Packages
Rebuilding for Service
Rebuilding for setuid/setgid
Lessons Leamed
Conclusion
Taught by
Linux Foundation
