On Fri, Mar 29, 2013 at 10:08:37PM +0530, Dhiru Kholia wrote:
> Hi,
>
> This proposal was originally at https://fedorahosted.org/fesco/ticket/1104
>
> (mitr asked me to move the discussion to fedora-devel to get more
> attention and feedback)
>
> ...
>
> http://fedoraproject.org/wiki/Hardened_Packages page mentions
> that "FESCo requires some packages to use PIE and relro hardening by
> default."
>
> It would be great if this list could be expanded to include even more
> packages which are at comparatively more risk of being exploited (locally
> or remotely).
>
> Such packages will typically include various system daemons, network
> daemons and network enabled applications.

Qemu is surely a good candidate for this. Although it's not
network-accessible, it is accessible from the guests that it runs via
its huge and ill-specified surface of emulated devices.

> 1. Hardening flags should be turned on (by default) for all packages
> which are at comparatively more risk of being exploited or which meet
> some well-defined criteria (suggestions welcome).

Is there somewhere which describes what to do / what flags to enable?

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top