Plan for tomorrow's FESCo meeting (2011-06-21)
mitr at volny.cz
Thu Jun 23 15:11:09 UTC 2011
On Thu, Jun 23, 2011 at 10:54 AM, Richard W.M. Jones <rjones at redhat.com> wrote:
> On Wed, Jun 22, 2011 at 03:57:58PM -0400, Adam Jackson wrote:
>> * #563 suggested policy: all daemons must set RELRO and PIE flags
>> (ajax, 17:53:41)
>> * LINK: https://fedorahosted.org/fpc/ticket/93 (nirik, 17:54:34)
>> * ACTION: nirik to come up with guidelines for next week (ajax,
>> * ACTION: ajax to add relro to redhat-rpm-config (ajax, 18:07:16)
> The discussion in the ticket seems like it would only apply to
> programs written in C/C++, but it doesn't say this.
> Since other languages are usually much safer than C/C++ and the aim of
> this is security, it seems like we should explicitly exclude other
> languages from the requirement.
As long as there is a single exploitable module in the address space
(and there pretty much always is - libc or the language runtime),
having relro for all modules helps.
Anyway, redhat-rpm-config will probably set gcc flags, which excludes
other languages automatically - and I don't think this is really a