[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Hardening (was: Re: tor: update to 0.2.9.9)
From: |
ng0 |
Subject: |
Re: Hardening (was: Re: tor: update to 0.2.9.9) |
Date: |
Tue, 24 Jan 2017 21:18:55 +0000 |
ng0 <address@hidden> writes:
> Leo Famulari <address@hidden> writes:
>
>> On Tue, Jan 24, 2017 at 08:56:48PM +0000, ng0 wrote:
>>> Leo Famulari <address@hidden> writes:
>>> > Should we build Tor with "--enable-expensive-hardening"?
>>>
>>> I will take a look later what can be applied other than the
>>> default configure flags.
>>>
>>> I'm all for hardening, but it seems that the first basic ideas
>>> for Guix are stuck in the idea state.
>>
>> As far as I can tell, --enable-expensive-hardening is specific to Tor,
>> so it's not relevant to the project of hardening all Guix packages.
>
> Yes.
>
> I'm building this change right now:
>
> + (arguments
> + `(#:configure-flags (list "--enable-expensive-hardening"
> + "--enable-gcc-hardening"
> + "--enable-linker-hardening")))
>
> Taken from Gentoo, I trust their hardening project to debug and
> discover good usage.
>
>>> It would be great to see some movement on this during this
>>> year. I volunteer to help with it, though I don't have as much
>>> experience with SELinux (and only basic experience with
>>> GrSecurity without a modular kernel like GuixSD uses).
>>
>> Yes, this effort needs a champion.
No, I would say this needs an effort of more than one person. At
best a team of people who either are willing to learn about
system hardening or already know enough, maybe even a combination
of both to share knowledge :)
--
♥Ⓐ ng0 -- https://www.inventati.org/patternsinthechaos/
- tor: update to 0.2.9.9, contact . ng0, 2017/01/24
- [PATCH] gnu: tor: Update to 0.2.9.9., contact . ng0, 2017/01/24
- Re: tor: update to 0.2.9.9, Leo Famulari, 2017/01/24
- Hardening (was: Re: tor: update to 0.2.9.9), ng0, 2017/01/24
- Re: Hardening (was: Re: tor: update to 0.2.9.9), Leo Famulari, 2017/01/24
- Re: Hardening (was: Re: tor: update to 0.2.9.9), ng0, 2017/01/24
- Re: Hardening (was: Re: tor: update to 0.2.9.9),
ng0 <=
- Re: Hardening (was: Re: tor: update to 0.2.9.9), Leo Famulari, 2017/01/24
- Re: Hardening (was: Re: tor: update to 0.2.9.9), ng0, 2017/01/24
- Re: Hardening (was: Re: tor: update to 0.2.9.9), ng0, 2017/01/24
- Re: Hardening, Ludovic Courtès, 2017/01/25
- Re: Hardening, ng0, 2017/01/30
- Re: Hardening, ng0, 2017/01/30
- Re: Hardening (was: Re: tor: update to 0.2.9.9), Ricardo Wurmus, 2017/01/25
- Re: Hardening, ng0, 2017/01/25