Dear Wiki user, You have subscribed to a wiki page or wiki category on "Fedora Project Wiki" for change notification. The following page has been changed by KarstenWade: http://fedoraproject.org/wiki/Docs/Beats/Security?action=diff&rev2=53&rev1=52 The comment on the change is: fixing markup as per http://fedoraproject.org/wiki/WikiEditing#Marking_Technical_Terms ------------------------------------------------------------------------------ ==== FORTIFY_SOURCE extended to cover more functions ==== - [http://fedoraproject.org/wiki/Security/Features#head-2f26f1e8c2bc1b5d397cdcae042449ce07a6f51d FORTIFY_SOURCE] protection now covers {{{asprintf}}}, {{{dprintf}}}, {{{vasprintf}}}, {{{vdprintf}}}, {{{obstack_printf}}} and {{{obstack_vprintf}}}. This is particularly useful for application that use {{{glib2}}} library, as various functions from it use {{{vasprintf}}}. + [:Security/Features#FORTIFY_SOURCE:FORTIFY_SOURCE] protection now covers `asprintf`, `dprintf`, `vasprintf`, `vdprintf`, `obstack_printf` and `obstack_vprintf`. This is particularly useful for application that use `glib2` library, as various functions from it use `vasprintf`. ==== SELinux enhancements ==== - * Browser plugins wrapped with {{{nspluginwrapper}}} (which is the default) now run confined + * Browser plugins wrapped with `nspluginwrapper` (which is the default) now run confined * Different roles are now available, to allow fine-graining access control - * {{{guest_t}}} doesn't allow running setuid binaries, making network connections or using GUI + * `guest_t` doesn't allow running setuid binaries, making network connections or using GUI - * {{{xguest_t}}} disallows network access except for HTTP via web browser, no setuid binaries + * `xguest_t` disallows network access except for HTTP via web browser, no setuid binaries - * {{{user_t}}} is ideal for office users, prevents becoming root via setuid applications + * `user_t` is ideal for office users, prevents becoming root via setuid applications - * {{{staff_t}}} is same as {{{user_t}}}, except for root access via {{{sudo}}} is allowed + * `staff_t` is same as `user_t`, except for root access via `sudo` is allowed - * {{{unconfined_t}}} provides full access, same as without SELinux + * `unconfined_t` provides full access, same as without SELinux === General Information === -- Fedora-relnotes-content mailing list Fedora-relnotes-content@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-relnotes-content
