On 13.04.2013 19:46, Steve Grubb wrote:
> http://people.redhat.com/sgrubb/files/rpm-chksec
>
> To check a typical install and only get the packages that do not meet policy,
> ./rpm-chksec --all | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | egrep -w 'no|PACKAGE'
>
> A small sample on F18:
>
> PACKAGE                  RELRO  PIE  CLASS
> abrt-addon-ccpp.x86_64   yes    no   setuid
> abrt.x86_64              yes    no   daemon
> accountsservice.x86_64   yes    no   daemon
> acpid.x86_64             yes    no   daemon
> agave.x86_64             no     yes  exec
> akonadi.x86_64           yes    no   network-local
> alsa-lib.x86_64          yes    no   network-ip
> alsa-utils.x86_64        yes    no   network-ip
> apg.x86_64               yes    no   daemon
> arpwatch.x86_64          yes    no   daemon
>
> But it should be noted that the script does not identify parsers of untrusted
> media. This would be stuff like: gnash, ooffice, evince, poppler, firefox,
> konqueror, xchat, wireshark, eog, kmail, evolution, rpm, etc. I don't know how
> to automate that

which raises the question again: would it not be the better way to
build the whole distribution hardened, by experience that nearly
anything is exploitable over the long run and performance comes after
security

performance would be increased by many developers learning what to do
to prevent wasting resources much more than not using ANY technique to
make things more secure

security is a concept of many pieces and each piece makes the overall
system better
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel