From: ng0 <contact.ng0@cryptolab.net>
To: guix-devel@gnu.org
Subject: Re: Hardening (was: Re: tor: update to 0.2.9.9)
Date: Tue, 24 Jan 2017 21:18:55 +0000 [thread overview]
Message-ID: <8760l42m2o.fsf@wasp.i-did-not-set--mail-host-address--so-tickle-me> (raw)
In-Reply-To: <878tq02mij.fsf@wasp.i-did-not-set--mail-host-address--so-tickle-me>
ng0 <contact.ng0@cryptolab.net> writes:
> Leo Famulari <leo@famulari.name> writes:
>
>> On Tue, Jan 24, 2017 at 08:56:48PM +0000, ng0 wrote:
>>> Leo Famulari <leo@famulari.name> writes:
>>> > Should we build Tor with "--enable-expensive-hardening"?
>>>
>>> I will take a look later what can be applied other than the
>>> default configure flags.
>>>
>>> I'm all for hardening, but it seems that the first basic ideas
>>> for Guix are stuck in the idea state.
>>
>> As far as I can tell, --enable-expensive-hardening is specific to Tor,
>> so it's not relevant to the project of hardening all Guix packages.
>
> Yes.
>
> I'm building this change right now:
>
> + (arguments
> + `(#:configure-flags (list "--enable-expensive-hardening"
> + "--enable-gcc-hardening"
> + "--enable-linker-hardening")))
>
> Taken from Gentoo, I trust their hardening project to debug and
> discover good usage.
>
>>> It would be great to see some movement on this during this
>>> year. I volunteer to help with it, though I don't have as much
>>> experience with SELinux (and only basic experience with
>>> GrSecurity without a modular kernel like GuixSD uses).
>>
>> Yes, this effort needs a champion.
No, I would say this needs an effort of more than one person. At
best a team of people who either are willing to learn about
system hardening or already know enough, maybe even a combination
of both to share knowledge :)
--
♥Ⓐ ng0 -- https://www.inventati.org/patternsinthechaos/
next prev parent reply other threads:[~2017-01-24 21:17 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-24 11:19 tor: update to 0.2.9.9 contact.ng0
2017-01-24 11:19 ` [PATCH] gnu: tor: Update " contact.ng0
2017-01-24 19:06 ` Leo Famulari
2017-01-24 19:07 ` tor: update " Leo Famulari
2017-01-24 20:56 ` Hardening (was: Re: tor: update to 0.2.9.9) ng0
2017-01-24 21:02 ` Leo Famulari
2017-01-24 21:09 ` ng0
2017-01-24 21:18 ` ng0 [this message]
2017-01-24 21:32 ` Leo Famulari
2017-01-24 21:56 ` ng0
2017-01-24 22:14 ` ng0
2017-01-25 13:04 ` Hardening Ludovic Courtès
2017-01-30 12:05 ` Hardening ng0
2017-01-30 12:16 ` Hardening ng0
2017-01-25 9:09 ` Hardening (was: Re: tor: update to 0.2.9.9) Ricardo Wurmus
2017-01-25 11:51 ` Hardening ng0
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8760l42m2o.fsf@wasp.i-did-not-set--mail-host-address--so-tickle-me \
--to=contact.ng0@cryptolab.net \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).