[CentOS-devel] CentOS - SIG Hardening
Corey Henderson
corman at cormander.com
Wed Apr 22 14:06:13 UTC 2015
> On Apr 22, 2015, at 7:55 AM, Karanbir Singh <mail-lists at karan.org> wrote:
>
>> On 04/13/2015 03:10 PM, Earl A Ramirez wrote:
>>
>> This looks promising, do we need some sort of formal proposal to the
>> CentOS board to get the ball rolling?
>
>
> You will need someone to help with that process, i can do that if you
> are willing to wait till the first week of May.
>
> Another thing i want to throw in, paraphrasing another conversation:
>
> We should consider for EL7, building everything (as far as possible) as
> PIE/RELRO, swapping out dlmalloc in libc for something else (probably
> jemalloc). Perhaps also use -finit-local-vars (especially in the kernel)
> and -fwrapv.
>
> Thoughts ?
>
> --
> Karanbir Singh
> +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
> GnuPG Key : http://www.karan.org/publickey.asc
> _______________________________________________
> CentOS-devel mailing list
> CentOS-devel at centos.org
> http://lists.centos.org/mailman/listinfo/centos-devel
Is this for stock EL7 or would there be a whole new slew of rpm packages in a separate repo with these compile options that need to be maintained?
More information about the CentOS-devel
mailing list