On Fri, Mar 29, 2013 at 05:13:33PM +0000, Richard W.M. Jones wrote: > On Fri, Mar 29, 2013 at 10:08:37PM +0530, Dhiru Kholia wrote: > > Hi, > > > > This proposal was originally at https://fedorahosted.org/fesco/ticket/1104 > > > > (mitr asked me to move the discussion to fedora-devel to get more > > attention and feedback) > > > > ... > > > > http://fedoraproject.org/wiki/Hardened_Packages page mentions > > that "FESCo requires some packages to use PIE and relro hardening by > > default." > > > > It would be great if this list could be expanded to include even more > > packages which are at comparatively more risk of being exploited (locally > > or remotely). > > > > Such packages will typically include various system daemons, network > > daemons and network enabled applications. > > Qemu is surely a good candidate for this. Although it's not network- > accessible, it is accessible from the guests that it runs via its huge > and ill-specified surface of emulated devices. I'm running my own modified qemu package [qemu-1.4.0-5.fc20.x86_64] with hardening flags enabled. It seems to be working OK so far ... Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones libguestfs lets you edit virtual machines. Supports shell scripting, bindings from many languages. http://libguestfs.org -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
