New hardened build support (coming) in F16
Steve Grubb
sgrubb at redhat.com
Tue Aug 9 12:47:16 UTC 2011
On Tuesday, August 09, 2011 07:51:07 AM Matthew Garrett wrote:
> On Mon, Aug 08, 2011 at 11:16:12PM -0400, Steve Grubb wrote:
> > This list is woefully incomplete. I would advocate a much larger list.
> > For example, sudo is a very important program that we make security
> > claims about. It is not on that list.
>
> Because it's SUID.
? Its one in the target group.
> > I think there should have been some discussion about this on the FESCO
> > request I submitted. I have some concerns about what was implemented.
> > Are there bz filed for this or more discussion about it somewhere?
>
> We spent weeks discussing this. Where were you during the meetings?
Taking RHEL6 through common criteria and FIPS-140, filing dozens of security
bugs after studying some problems and sending patches. I am monitoring the
FESCO ticket, but I don't monitor fedora-devel all the time because there are
way too many arguments for my taste. Regardless, should there not have been
some hint about anything on the ticket? I responded to any review request for
the wiki page and such.
My main concern is that the macro will be misapplied and overall performance
will take a hit. I don't know how a macro can tell the intent of an
application as it links it. There has not been a chmod so that it knows this
is setuid and needs more protection. For example, if coreutils was built with
this (and coreutils seems to be correct as is) because it has setuid programs,
then would all apps get the PIE/Full RELRO treatment? If so, many of coreutils
apps are called constantly by shell scripts. If this were used on tcpdump,
would full relro leak to the libpcap? I suppose I could test this as soon as I
set up a rawhide vm...but this is what concerns me about the approach.
-Steve
More information about the devel
mailing list