New hardened build support (coming) in F16

Jon Ciesla limb at jcomserv.net
Tue Aug 9 13:24:53 UTC 2011


Steve Grubb wrote:
> On Tuesday, August 09, 2011 07:51:07 AM Matthew Garrett wrote:
>   
>> On Mon, Aug 08, 2011 at 11:16:12PM -0400, Steve Grubb wrote:
>>     
>>> This list is woefully incomplete. I would advocate a much larger list.
>>> For example, sudo is a very important program that we make security
>>> claims about. It is not on that list.
>>>       
>> Because it's SUID.
>>     
>
> ?  It's one in the target group.
>  
>
>   
>>> I think there should have been some discussion about this on the FESCO
>>> request I submitted. I have some concerns about what was implemented.
>>> Are there bz filed for this or more discussion about it somewhere?
>>>       
>> We spent weeks discussing this. Where were you during the meetings?
>>     
>
> Taking RHEL6 through common criteria and FIPS-140, filing dozens of security 
> bugs after studying some problems and sending patches. I am monitoring the 
> FESCO ticket, but I don't monitor fedora-devel all the time because there are 
> way too many arguments for my taste. Regardless, should there not have been 
> some hint about anything on the ticket? I responded to any review request for 
> the wiki page and such.
>
> My main concern is that the macro will be misapplied and overall performance 
> will take a hit. I don't know how a macro can tell the intent of an 
> application as it links it. 
The macro can't, but the maintainer can.  The maintainer is presumably 
capable of, and responsible for, assessing whether her package would be 
a good candidate for this, and if so, testing builds done with the 
macro.  Then, if performance is fine, on it goes.  If performance sucks, 
it doesn't.

-J


> There has not been a chmod so that it knows this 
> is setuid and needs more protection. For example, if coreutils was built with 
> this (and coreutils seems to be correct as is) because it has setuid programs, 
> then would all apps get the PIE/Full RELRO treatment? If so, many of coreutils 
> apps are called constantly by shell scripts. If this were used on tcpdump, 
> would full relro leak to the libpcap? I suppose I could test this as soon as I 
> set up a rawhide vm...but this is what concerns me about the approach.
>
> -Steve
>   


-- 
in your fear, seek only peace
in your fear, seek only love

-d. bowie