Re: Expanding the list of "Hardened Packages"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Mar 29, 2013 at 10:08:37PM +0530, Dhiru Kholia wrote:
> Hi,
> 
> This proposal was originally at https://fedorahosted.org/fesco/ticket/1104
> 
> (mitr asked me to move the discussion to fedora-devel to get more
> attention and feedback)
> 
> ...
> 
> http://fedoraproject.org/wiki/Hardened_Packages page mentions
> that "FESCo requires some packages to use PIE and relro hardening by
> default."
> 
> It would be great if this list could be expanded to include even more
> packages which are at comparatively more risk of being exploited (locally
> or remotely).
>
> Such packages will typically include various system daemons, network
> daemons and network enabled applications.

Qemu is surely a good candidate for this.  Although it's not network-
accessible, it is accessible from the guests that it runs via its huge
and ill-specified surface of emulated devices.

> 1. Hardening flags should be turned on (by default) for all packages
> which are at comparatively more risk of being exploited or which meet
> some well-defined criteria (suggestions welcome).

Is there somewhere which describes what to do / what flags to enable?

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux