Expanding the list of "Hardened Packages"
Dhiru Kholia
dhiru.kholia at gmail.com
Sat Mar 30 03:24:30 UTC 2013
On Fri, Mar 29, 2013 at 10:43 PM, Richard W.M. Jones <rjones at redhat.com> wrote:
>
> On Fri, Mar 29, 2013 at 10:08:37PM +0530, Dhiru Kholia wrote:
> > 1. Hardening flags should be turned on (by default) for all packages
> > which are at comparatively more risk of being exploited or which meet
> > some well-defined criteria (suggestions welcome).
>
> Is there somewhere which describes what to do / what flags to enable?
http://wiki.debian.org/Hardening describes the various hardening flags.
"_hardened_build" rpm spec macro can be used to harden a package.
For an example, see
http://pkgs.fedoraproject.org/cgit/clamav.git/tree/clamav.spec
--
Dhiru
More information about the devel
mailing list