[CentOS-devel] CentOS - SIG Hardening
Karanbir Singh
mail-lists at karan.org
Wed Apr 22 13:55:56 UTC 2015
On 04/13/2015 03:10 PM, Earl A Ramirez wrote:
>
> This looks promising, do we need some sort of formal proposal to the
> CentOS board to get the ball rolling?
You will need someone to help with that process, i can do that if you
are willing to wait till the first week of May.
Another thing i want to throw in, paraphrasing another conversation:
We should consider for EL7, building everything (as far as possible) as
PIE/RELRO, swapping out dlmalloc in libc for something else (probably
jemalloc). Perhaps also use -finit-local-vars (especially in the kernel)
and -fwrapv.
Thoughts ?
--
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc
More information about the CentOS-devel
mailing list