Expanding the list of "Hardened Packages"
Steve Grubb
sgrubb at redhat.com
Sun Apr 14 01:37:14 UTC 2013
On Saturday, April 13, 2013 12:28:04 PM Jerry James wrote:
> > I have not run the script that checks a distribution on F19 yet, so maybe
> > there are more?
> >
> > http://people.redhat.com/sgrubb/files/rpm-chksec
>
> That script reports all .o files (yes, those are sometimes packaged)
> as "exec no no", with a red "no" in the RELRO column. But RELRO
> doesn't make any sense for a .o, so perhaps that should be a green
> "N/A" instead.
Probably. But it has caught a few packages that did not even know they were
shipping .o files and they removed them right away. That's a tough one. I can
probably fix it to reclassify them not as an exec and that would make the
triage easier.
-Steve
More information about the devel
mailing list