Re: Hardening (was: Re: tor: update to

From: ng0
Subject: Re: Hardening (was: Re: tor: update to
Date: Tue, 24 Jan 2017 21:09:24 +0000

Leo Famulari <address@hidden> writes:

> On Tue, Jan 24, 2017 at 08:56:48PM +0000, ng0 wrote:
>> Leo Famulari <address@hidden> writes:
>> > Should we build Tor with "--enable-expensive-hardening"?
>> I will take a look later at what can be applied other than the
>> default configure flags.
>> I'm all for hardening, but it seems that the first basic ideas
>> for Guix are stuck in the idea state.
> As far as I can tell, --enable-expensive-hardening is specific to Tor,
> so it's not relevant to the project of hardening all Guix packages.


I'm building this change right now:

+    (arguments
+     `(#:configure-flags (list "--enable-expensive-hardening"
+                               "--enable-gcc-hardening"
+                               "--enable-linker-hardening")))
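Review bot: two of the three flags in this hunk are no-ops and the third changes the build more than "hardening" suggests. In Tor's configure, GCC hardening and linker hardening are already on by default (the options are exposed as `--disable-gcc-hardening` and `--disable-linker-hardening`), so `"--enable-gcc-hardening"` and `"--enable-linker-hardening"` add nothing to the build; `"--enable-expensive-hardening"` is the only line that has an effect, and what it enables is sanitizer instrumentation (AddressSanitizer and UndefinedBehaviorSanitizer), whose own help text says it makes Tor slower. That is a testing configuration: it links the compiler's sanitizer runtime, costs significant CPU and memory at run time, and aborts the daemon on the first detected error rather than recovering. Suggest dropping the two redundant flags and either leaving expensive hardening out of the package or adding a comment next to `#:configure-flags` stating why a sanitizer build is wanted for end users; whichever choice is kept, run the test suite against it, since sanitizer builds behave differently under the tests.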

Taken from Gentoo; I trust their hardening project to debug and
discover good usage.

>> It would be great to see some movement on this during this
>> year. I volunteer to help with it, though I don't have as much
>> experience with SELinux (and only basic experience with
>> GrSecurity without a modular kernel like GuixSD uses).
> Yes, this effort needs a champion.

♥Ⓐ  ng0 --
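Since the thread is about which configure flags to pass, the useful check is what those flags actually produced in the built tor binary. The script below is an added example, not code from this thread, from Tor or from Guix: it parses `readelf -h -l -d -s` output and reports the properties Tor's GCC and linker hardening options are meant to give (a PIE executable, a GNU_RELRO segment with BIND_NOW, a non-executable stack, the stack-protector and _FORTIFY_SOURCE helpers in the symbol table), plus whether sanitizer runtime symbols are present, which is what `--enable-expensive-hardening` adds. The function names and the two readelf outputs embedded as samples are my own constructions; the parser reads readelf output on stdin so the samples run offline, and `hardening_report` assumes binutils' `readelf` is installed for use on a real binary.

```shell
#!/bin/sh
# Added example: check a built binary for the hardening properties Tor's
# configure options are expected to produce. Not Tor or Guix code.

hardening_summary() {
    # stdin: output of `readelf -h -l -d -s FILE`. Prints one line of key=0/1:
    #   pie       ELF type DYN (-fPIE/-pie), so ASLR can relocate the text
    #   relro     GNU_RELRO segment present (-z relro)
    #   now       BIND_NOW / FLAGS_1 NOW (-z now), which makes RELRO "full"
    #   nx        GNU_STACK segment is not RWE (non-executable stack)
    #   ssp       __stack_chk_fail is linked (-fstack-protector*)
    #   fortify   a __*_chk symbol is linked (_FORTIFY_SOURCE)
    #   sanitizer ASan/UBSan runtime symbols, i.e. a sanitizer build
    awk '
        BEGIN { pie = relro = now = execstack = ssp = fortify = san = pending = 0 }
        /^ *Type:/ && $2 == "DYN"     { pie = 1 }
        /GNU_RELRO/                   { relro = 1 }
        /\(FLAGS\)/ && /BIND_NOW/     { now = 1 }
        /\(FLAGS_1\)/ && / NOW/       { now = 1 }
        /GNU_STACK/                   { pending = 2 }  # 64-bit readelf wraps the flags onto the next line
        pending > 0                   { if ($0 ~ /RWE/) execstack = 1; pending-- }
        /__stack_chk_fail/            { ssp = 1 }
        /_chk(@|[ \t]|$)/             { fortify = 1 } # __memcpy_chk@GLIBC...; __stack_chk_fail does not match
        /__asan_init|__ubsan_handle_/ { san = 1 }
        END {
            nx = execstack ? 0 : 1
            printf "pie=%d relro=%d now=%d nx=%d ssp=%d fortify=%d sanitizer=%d\n",
                   pie, relro, now, nx, ssp, fortify, san
        }'
}

hardening_ok() {
    # $1: a summary line. Returns 0 only if every non-sanitizer key is 1.
    for key in pie relro now nx ssp fortify; do
        case " $1 " in *" $key=1 "*) ;; *) return 1 ;; esac
    done
    return 0
}

hardening_report() {
    # Real use on a built binary; needs binutils' readelf on PATH.
    readelf -h -l -d -s "$1" | hardening_summary
}

# Constructed readelf output for a fully hardened PIE (not a real tor binary).
SAMPLE_HARDENED=$(cat <<'EOF'
ELF Header:
  Type:                              DYN (Shared object file)
Program Headers:
  Type           Offset             VirtAddr           PhysAddr
  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000  RW     0x10
  GNU_RELRO      0x00000000002fd6a8 0x00000000002fe6a8 0x00000000002fe6a8
Dynamic section at offset 0x2fe6b8 contains 30 entries:
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
Symbol table '.dynsym' contains 3 entries:
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (2)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __memcpy_chk@GLIBC_2.3.4 (3)
EOF
)

# Constructed readelf output for an unhardened non-PIE with an executable stack.
SAMPLE_PLAIN=$(cat <<'EOF'
ELF Header:
  Type:                              EXEC (Executable file)
Program Headers:
  Type           Offset             VirtAddr           PhysAddr
  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000  RWE    0x10
Dynamic section at offset 0x1dd8 contains 24 entries:
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
Symbol table '.dynsym' contains 2 entries:
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.14 (2)
EOF
)

# Demo on the constructed samples; with a path argument, inspect that binary.
printf '%s\n' "$SAMPLE_HARDENED" | hardening_summary
printf '%s\n' "$SAMPLE_PLAIN" | hardening_summary
if [ -n "${1:-}" ]; then
    summary=$(hardening_report "$1")
    echo "$1: $summary"
    hardening_ok "$summary" && echo "$1: hardened" || echo "$1: NOT fully hardened"
fi
```

Run it as `sh check-hardening.sh $(guix build tor)/bin/tor` to compare a build with and without the flags; a `sanitizer=1` result on a package meant for users is the thing to look out for, since that means the expensive (sanitizer) hardening landed in the shipped binary.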

