New hardened build support (coming) in F16
Jon Ciesla
limb at jcomserv.net
Tue Aug 9 13:24:53 UTC 2011
Steve Grubb wrote:
> On Tuesday, August 09, 2011 07:51:07 AM Matthew Garrett wrote:
>
>> On Mon, Aug 08, 2011 at 11:16:12PM -0400, Steve Grubb wrote:
>>
>>> This list is woefully incomplete. I would advocate a much larger list.
>>> For example, sudo is a very important program that we make security
>>> claims about. It is not on that list.
>>>
>> Because it's SUID.
>>
>
> ? It's one in the target group.
>
>
>
>>> I think there should have been some discussion about this on the FESCO
>>> request I submitted. I have some concerns about what was implemented.
>>> Are there bz filed for this or more discussion about it somewhere?
>>>
>> We spent weeks discussing this. Where were you during the meetings?
>>
>
> Taking RHEL6 through common criteria and FIPS-140, filing dozens of security
> bugs after studying some problems and sending patches. I am monitoring the
> FESCO ticket, but I don't monitor fedora-devel all the time because there are
> way too many arguments for my taste. Regardless, should there not have been
> some hint about anything on the ticket? I responded to any review request for
> the wiki page and such.
>
> My main concern is that the macro will be misapplied and overall performance
> will take a hit. I don't know how a macro can tell the intent of an
> application as it links it.
The macro can't, but the maintainer can. The maintainer is presumably
capable of, and responsible for, assessing whether her package would be
a good candidate for this, and if so, testing builds done with the
macro. Then, if performance is fine, on it goes. If performance sucks,
it doesn't.
-J
> There has not been a chmod so that it knows this
> is setuid and needs more protection. For example, if coreutils was built with
> this (and coreutils seems to be correct as is) because it has setuid programs,
> then would all apps get the PIE/Full RELRO treatment? If so, many of coreutils
> apps are called constantly by shell scripts. If this were used on tcpdump,
> would full relro leak to the libpcap? I suppose I could test this as soon as I
> set up a rawhide vm...but this is what concerns me about the approach.
>
> -Steve
>
--
in your fear, seek only peace
in your fear, seek only love
-d. bowie
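
Added example, not part of the original thread or of Fedora's tooling: PIE and RELRO are recorded in each ELF object's own headers, so a maintainer testing a build made with the macro can check every resulting binary and library separately. The ELF64 little-endian parser below does that; `hardening`, `make_elf` and the two sample objects are names and data constructed for this illustration, and the samples contain headers only.

```python
import struct

PT_DYNAMIC, PT_INTERP, PT_GNU_RELRO = 2, 3, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW, ET_DYN = 0x8, 0x1, 3
EHDR, PHDR, DYN = "<16sHHIQQQIHHHHHH", "<IIQQQQQQ", "<qQ"

def hardening(data):
    """Report PIE and RELRO state of one ELF64 little-endian object."""
    if data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not an ELF64 little-endian file")
    hdr = struct.unpack_from(EHDR, data)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    types, bind_now = set(), False
    for i in range(e_phnum):
        ph = struct.unpack_from(PHDR, data, e_phoff + i * e_phentsize)
        p_type, p_offset, p_filesz = ph[0], ph[2], ph[5]
        types.add(p_type)
        if p_type != PT_DYNAMIC:
            continue
        for off in range(p_offset, p_offset + p_filesz, 16):
            tag, val = struct.unpack_from(DYN, data, off)
            if tag == DT_NULL:
                break
            bind_now |= (tag == DT_BIND_NOW
                         or (tag == DT_FLAGS and bool(val & DF_BIND_NOW))
                         or (tag == DT_FLAGS_1 and bool(val & DF_1_NOW)))
    relro = "none" if PT_GNU_RELRO not in types else ("full" if bind_now else "partial")
    # Heuristic: a PIE is ET_DYN with an interpreter; a plain .so has none.
    return {"pie": e_type == ET_DYN and PT_INTERP in types, "relro": relro}

def make_elf(e_type, ptypes, dyn=()):
    """Constructed sample: headers only, no code, just enough to parse."""
    dyn_off = 64 + 56 * len(ptypes)
    dyn_bytes = b"".join(struct.pack(DYN, t, v) for t, v in (*dyn, (DT_NULL, 0)))
    ehdr = struct.pack(EHDR, b"\x7fELF\x02\x01\x01" + bytes(9), e_type, 62, 1,
                       0, 64, 0, 0, 64, 56, len(ptypes), 0, 0, 0)
    phdrs = b"".join(struct.pack(PHDR, t, 4, dyn_off, 0, 0, len(dyn_bytes),
                                 len(dyn_bytes), 8) for t in ptypes)
    return ehdr + phdrs + dyn_bytes

# Constructed stand-ins for a hardened tcpdump and a separately built libpcap.
TCPDUMP = make_elf(ET_DYN, [PT_INTERP, PT_DYNAMIC, PT_GNU_RELRO], [(DT_FLAGS, DF_BIND_NOW)])
LIBPCAP = make_elf(ET_DYN, [PT_DYNAMIC, PT_GNU_RELRO])

if __name__ == "__main__":
    for name, blob in (("tcpdump", TCPDUMP), ("libpcap.so", LIBPCAP)):
        print(name, hardening(blob))
```

To check real build output, pass the bytes of each file from the built package to `hardening` and compare the results for binaries built with and without the macro.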