Expanding the list of "Hardened Packages"
Jan Pokorný
jpokorny at redhat.com
Tue Apr 16 18:17:02 UTC 2013
On 15/04/13 10:10 -0400, Steve Grubb wrote:
> I would say there is a place for SE Linux even if we compiled everything with
> "all" because FORTIFY_SOURCE coverage is not absolute. For example, about a
> month ago I ran the following test:
>
> procs=`ls /proc | grep '^[0-9]' | sort -n`
> for p in $procs
> do
>     res=`cat /proc/$p/maps 2>/dev/null | awk '$2 ~ "wx" { print $2 }'`
>     if [ x"$res" != "x" ] ; then
>         cat /proc/$p/cmdline | awk '{ printf "%-35s\t", $1 }'
>         printf "%s\n" "$p"
>     fi
> done
>
>
> What this does is display the programs with Writable and Executable memory.
> All Fedora desktops except Mate have WX memory. (I checked KDE, Gnome,
> Cinnamon, and Mate.)
FWIW, LXDE seems to be fine as well (if polkitd and firefox are not counted
in).
--
Jan
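
Added example (not part of the original thread or either poster's code): a variant of the scan quoted above that prints each writable-and-executable mapping with its address range and backing, so a hit can be told apart as anonymous memory, a stack, or a file. The function names and the sample maps lines are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names and sample data are constructed.
# /proc/<pid>/maps fields: address perms offset dev inode [pathname]

# wx_mappings [FILE]: print "address perms backing" for each W+X mapping.
wx_mappings() {
    awk '
        # perms is 4 chars (e.g. rwxp): w is 2nd, x is 3rd
        substr($2, 2, 1) == "w" && substr($2, 3, 1) == "x" {
            backing = "[anon]"          # no pathname field: anonymous memory
            if (NF >= 6) {              # pathname may contain spaces
                backing = $6
                for (i = 7; i <= NF; i++) backing = backing " " $i
            }
            print $1, $2, backing
        }
    ' "$@"
}

# wx_scan: report pid, command and every W+X mapping of readable processes.
wx_scan() {
    for d in /proc/[0-9]*; do
        # unreadable or already-exited processes are skipped
        hits=$(wx_mappings "$d/maps" 2>/dev/null) || continue
        [ -n "$hits" ] || continue
        name=$(cat "$d/cmdline" 2>/dev/null | tr '\0' ' ' | awk '{ print $1 }')
        printf '%s\n' "$hits" | while read -r line; do
            printf '%s\t%s\t%s\n' "${d#/proc/}" "${name:-?}" "$line"
        done
    done
}

# Constructed sample in maps format (not taken from a real process).
sample_maps() {
    cat <<'EOF'
00400000-0040b000 r-xp 00000000 fd:01 131090 /usr/bin/example
0060a000-0060b000 rw-p 0000a000 fd:01 131090 /usr/bin/example
01c3f000-01c60000 rw-p 00000000 00:00 0 [heap]
7f2a10000000-7f2a10021000 rwxp 00000000 00:00 0
7f2a1c5d0000-7f2a1c5d4000 rwxs 00000000 00:05 98310 /SYSV00000000 (deleted)
7ffd3a1e0000-7ffd3a201000 rwxp 00000000 00:00 0 [stack]
7ffd3a3f2000-7ffd3a3f4000 r-xp 00000000 00:00 0 [vdso]
EOF
}

sample_maps | wx_mappings
```

Running wx_scan as root covers other users' processes, whose maps files are otherwise unreadable.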