guix-devel

Re: Hardening (was: Re: tor: update to 0.2.9.9)


From: ng0
Subject: Re: Hardening (was: Re: tor: update to 0.2.9.9)
Date: Tue, 24 Jan 2017 21:09:24 +0000

Leo Famulari <address@hidden> writes:

> On Tue, Jan 24, 2017 at 08:56:48PM +0000, ng0 wrote:
>> Leo Famulari <address@hidden> writes:
>> > Should we build Tor with "--enable-expensive-hardening"?
>> 
>> I will take a look later what can be applied other than the
>> default configure flags.
>> 
>> I'm all for hardening, but it seems that the first basic ideas
>> for Guix are stuck in the idea state.
>
> As far as I can tell, --enable-expensive-hardening is specific to Tor,
> so it's not relevant to the project of hardening all Guix packages.

Yes.

I'm building this change right now:

+    (arguments
+     `(#:configure-flags (list "--enable-expensive-hardening"
+                               "--enable-gcc-hardening"
+                               "--enable-linker-hardening")))
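
Review bot: The three flags in the #:configure-flags list are added without a comment saying why they were chosen or what they cost. "--enable-expensive-hardening" signals a runtime penalty by its own name, so a short comment above the list should record where the set comes from (the message credits Gentoo) and the expected performance impact. Before merging, check Tor's ./configure --help to see whether "--enable-gcc-hardening" and "--enable-linker-hardening" are already defaults; if they are, only the first flag needs to be listed. As a style point, every element is a literal string, so the list could be written as a quoted literal rather than with (list ...).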

Taken from Gentoo; I trust their hardening project to debug and
discover good usage.

>> It would be great to see some movement on this during this
>> year. I volunteer to help with it, though I don't have as much
>> experience with SELinux (and only basic experience with
>> GrSecurity without a modular kernel like GuixSD uses).
>
> Yes, this effort needs a champion.

-- 
♥Ⓐ  ng0 -- https://www.inventati.org/patternsinthechaos/