Dhiru Kholia wrote:
> Any feedback is welcome!
My proposal: build ALL packages in Fedora with not only -fPIE and RELRO, but
also -fstack-protector-all (which is not included in the current hardened
cflags). Also get rid of prelink which reduces the effectiveness of ASLR.
Then drop SELinux which becomes obsolete if the executables cannot be
exploited in the first place. (It only papers over the real problem.)
Kevin Kofler
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
