Re: Expanding the list of "Hardened Packages"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Mar 29, 2013 at 05:13:33PM +0000, Richard W.M. Jones wrote:
> On Fri, Mar 29, 2013 at 10:08:37PM +0530, Dhiru Kholia wrote:
> > Hi,
> > 
> > This proposal was originally at https://fedorahosted.org/fesco/ticket/1104
> > 
> > (mitr asked me to move the discussion to fedora-devel to get more
> > attention and feedback)
> > 
> > ...
> > 
> > http://fedoraproject.org/wiki/Hardened_Packages page mentions
> > that "FESCo requires some packages to use PIE and relro hardening by
> > default."
> > 
> > It would be great if this list could be expanded to include even more
> > packages which are at comparatively more risk of being exploited (locally
> > or remotely).
> >
> > Such packages will typically include various system daemons, network
> > daemons and network enabled applications.
> 
> Qemu is surely a good candidate for this.  Although it's not network-
> accessible, it is accessible from the guests that it runs via its huge
> and ill-specified surface of emulated devices.

I'm running my own modified qemu package [qemu-1.4.0-5.fc20.x86_64]
with hardening flags enabled.  It seems to be working OK so far ...

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux