Re: Expanding the list of "Hardened Packages"

On 13.04.2013 19:46, Steve Grubb wrote:
> http://people.redhat.com/sgrubb/files/rpm-chksec
> 
> To check a typical install and only get the packages that do not meet policy,
> ./rpm-chksec --all | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | egrep -w 'no|PACKAGE'
> 
> A small sample on F18:
> 
> PACKAGE                                             RELRO  PIE   CLASS
> abrt-addon-ccpp.x86_64                              yes    no    setuid        
> abrt.x86_64                                         yes    no    daemon        
> accountsservice.x86_64                              yes    no    daemon        
> acpid.x86_64                                        yes    no    daemon        
> agave.x86_64                                        no     yes   exec          
> akonadi.x86_64                                      yes    no    network-local 
> alsa-lib.x86_64                                     yes    no    network-ip    
> alsa-utils.x86_64                                   yes    no    network-ip    
> apg.x86_64                                          yes    no    daemon        
> arpwatch.x86_64                                     yes    no    daemon        
> 
> But it should be noted that the script does not identify parsers of untrusted
> media. This would be stuff like: gnash, ooffice, evince, poppler, firefox,
> konqueror, xchat, wireshark, eog, kmail, evolution, rpm, etc. I don't know how
> to automate that

which raises the question again:

wouldn't it be the better way to build the whole distribution hardened,
given the experience that nearly anything is exploitable over the long run,
and that performance comes after security?

performance would be increased much more by many developers learning what
to do to prevent wasting resources than by not using ANY technique to make
things more secure. security is a concept of many pieces, and each piece
makes the overall system better

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
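
What the RELRO and PIE columns in the quoted sample correspond to inside a binary, as an added example that is not part of this thread and is not rpm-chksec's code. It reads the ELF header and program headers directly; treating "ET_DYN plus PT_INTERP" as PIE is a common heuristic assumed here, and `elf_hardening` and `make_elf64` are hypothetical names.

```python
import struct

ET_EXEC, ET_DYN = 2, 3                                # e_type values
PT_LOAD, PT_INTERP, PT_GNU_RELRO = 1, 3, 0x6474E552   # p_type values

def elf_hardening(data: bytes) -> dict:
    """Return {'relro': bool, 'pie': bool} for one ELF image."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("bad EI_CLASS or EI_DATA")
    is64 = data[4] == 2                       # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"        # EI_DATA: 1 = little, 2 = big endian
    if is64 and len(data) < 64:
        raise ValueError("truncated ELF64 header")
    (e_type,) = struct.unpack_from(end + "H", data, 16)
    # e_phoff / e_phentsize / e_phnum sit at class-dependent offsets.
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
    p_types = set()
    for i in range(e_phnum):                  # p_type is the first word of each entry
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            raise ValueError("truncated program header table")
        p_types.add(struct.unpack_from(end + "I", data, off)[0])
    return {
        "relro": PT_GNU_RELRO in p_types,     # segment present (partial or full RELRO)
        # Heuristic (assumption): ET_DYN without an interpreter is a shared library.
        "pie": e_type == ET_DYN and PT_INTERP in p_types,
    }

def make_elf64(e_type, p_types):
    """Constructed sample: bare little-endian ELF64 header plus empty program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                              64, 56, len(p_types), 0, 0, 0)
    return hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

if __name__ == "__main__":
    for name, img in {                        # constructed images, not real packages
        "relro-only": make_elf64(ET_EXEC, [PT_INTERP, PT_LOAD, PT_GNU_RELRO]),
        "pie-only": make_elf64(ET_DYN, [PT_INTERP, PT_LOAD]),
    }.items():
        r = elf_hardening(img)
        print(f"{name:12} RELRO={'yes' if r['relro'] else 'no':3} PIE={'yes' if r['pie'] else 'no'}")
```

Distinguishing full from partial RELRO additionally requires checking the dynamic section for immediate binding (BIND_NOW), which this check does not do.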
