Expanding the list of "Hardened Packages"
Kevin Kofler
kevin.kofler at chello.at
Sun Mar 31 00:09:36 UTC 2013
Dhiru Kholia wrote:
> Any feedback is welcome!
My proposal: build ALL packages in Fedora with not only -fPIE and RELRO, but
also -fstack-protector-all (which is not included in the current hardened
cflags). Also get rid of prelink which reduces the effectiveness of ASLR.
Then drop SELinux which becomes obsolete if the executables cannot be
exploited in the first place. (It only papers over the real problem.)
Kevin Kofler
More information about the devel
mailing list