FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Development

 
 
LinkBack Thread Tools
 
Old 10-26-2010, 06:45 AM
Mike Frysinger
 
Default enabling FEATURES=sfperms for all Linux profiles

hardened systems (as well as my non-hardened ones) have been running
FEATURES=sfperms for years with no known bugs. so unless someone has
a compelling reason otherwise, i'll be enabling this in
profiles/default/linux/ for all linux systems.
-mike
 
Old 10-26-2010, 09:21 AM
Mike Frysinger
 
Default enabling FEATURES=sfperms for all Linux profiles

On Tue, Oct 26, 2010 at 2:45 AM, Mike Frysinger wrote:
> hardened systems (as well as my non-hardened ones) have been running
> FEATURES=sfperms for years with no known bugs. *so unless someone has
> a compelling reason otherwise, i'll be enabling this in
> profiles/default/linux/ for all linux systems.

nm. tove pointed out that portage already takes care of this in its
make.globals.
-mike
 
Old 10-26-2010, 09:22 AM
Kfir Lavi
 
Default enabling FEATURES=sfperms for all Linux profiles

On Tue, Oct 26, 2010 at 8:45 AM, Mike Frysinger <vapier@gentoo.org> wrote:

hardened systems (as well as my non-hardened ones) have been running

FEATURES=sfperms for years with no known bugs. *so unless someone has

a compelling reason otherwise, i'll be enabling this in

profiles/default/linux/ for all linux systems.

-mike



Hi Mike,
How can I see my current features?

Regards,
Kfir
 
Old 10-26-2010, 10:25 AM
Tom Knight
 
Default enabling FEATURES=sfperms for all Linux profiles

On Tue, Oct 26, 2010 at 11:22:08AM +0200, Kfir Lavi wrote:
> How can I see my current features?
>
emerge --info | grep FEATURES
 
Old 10-26-2010, 10:30 AM
Kfir Lavi
 
Default enabling FEATURES=sfperms for all Linux profiles

On Tue, Oct 26, 2010 at 12:25 PM, Tom Knight <tomk@gentoo.org> wrote:

On Tue, Oct 26, 2010 at 11:22:08AM +0200, Kfir Lavi wrote:

> How can I see my current features?

>

emerge --info | grep FEATURES

My FEATURES shows I have sfperms:
FEATURES="assume-digests distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"

Regards,

Kfir
 
Old 10-26-2010, 11:23 AM
"Anthony G. Basile"
 
Default enabling FEATURES=sfperms for all Linux profiles

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/26/2010 02:45 AM, Mike Frysinger wrote:
> hardened systems (as well as my non-hardened ones) have been running
> FEATURES=sfperms for years with no known bugs. so unless someone has
> a compelling reason otherwise, i'll be enabling this in
> profiles/default/linux/ for all linux systems.
> -mike
>
Good idea. Is this in response to the $ORIGIN root exploit in glibc?
(bug #341755).

- --
Anthony G. Basile, Ph.D.
Gentoo Developer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkzGuk4ACgkQl5yvQNBFVTWmFwCdEMUSLVu8Tg QHo2xRpSvjsAtd
kRAAn1F1R/5IOovKB39lqePYyMs6B8w7
=LDmc
-----END PGP SIGNATURE-----
 
Old 10-26-2010, 12:14 PM
Duncan
 
Default enabling FEATURES=sfperms for all Linux profiles

Anthony G. Basile posted on Tue, 26 Oct 2010 07:23:58 -0400 as excerpted:

> On 10/26/2010 02:45 AM, Mike Frysinger wrote:
>> hardened systems (as well as my non-hardened ones) have been running
>> FEATURES=sfperms for years with no known bugs. so unless someone has a
>> compelling reason otherwise, i'll be enabling this in
>> profiles/default/linux/ for all linux systems.
>> -mike
>>
> Good idea. Is this in response to the $ORIGIN root exploit in glibc?
> (bug #341755).

You apparently missed his followup. Quoting:

>> nm. tove pointed out that portage already takes care of this in its
>> make.globals.

Tho one wonders about the other PMs... but do they even use FEATURES the
same way?

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
 

Thread Tools




All times are GMT. The time now is 06:58 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org