Re: Expanding the list of "Hardened Packages"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Dhiru Kholia wrote:
> Any feedback is welcome!

My proposal: build ALL packages in Fedora with not only -fPIE and RELRO, but 
also -fstack-protector-all (which is not included in the current hardened 
cflags). Also get rid of prelink which reduces the effectiveness of ASLR. 
Then drop SELinux which becomes obsolete if the executables cannot be 
exploited in the first place. (It only papers over the real problem.)

        Kevin Kofler

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux