hardened systems (as well as my non-hardened ones) have been running
FEATURES=sfperms for years with no known bugs. so unless someone has
a compelling reason otherwise, i'll be enabling this in
profiles/default/linux/ for all linux systems.
-mike
10-26-2010, 09:21 AM
Mike Frysinger
enabling FEATURES=sfperms for all Linux profiles
On Tue, Oct 26, 2010 at 2:45 AM, Mike Frysinger wrote:
> hardened systems (as well as my non-hardened ones) have been running
> FEATURES=sfperms for years with no known bugs. so unless someone has
> a compelling reason otherwise, i'll be enabling this in
> profiles/default/linux/ for all linux systems.
nm. tove pointed out that portage already takes care of this in its
make.globals.
-mike
10-26-2010, 09:22 AM
Kfir Lavi
enabling FEATURES=sfperms for all Linux profiles
On Tue, Oct 26, 2010 at 8:45 AM, Mike Frysinger <vapier@gentoo.org> wrote:
> hardened systems (as well as my non-hardened ones) have been running
> FEATURES=sfperms for years with no known bugs. so unless someone has
> a compelling reason otherwise, i'll be enabling this in
> profiles/default/linux/ for all linux systems.
> -mike
Hi Mike,
How can I see my current features?
Regards,
Kfir
10-26-2010, 10:25 AM
Tom Knight
enabling FEATURES=sfperms for all Linux profiles
On Tue, Oct 26, 2010 at 11:22:08AM +0200, Kfir Lavi wrote:
> How can I see my current features?
>
emerge --info | grep FEATURES
10-26-2010, 10:30 AM
Kfir Lavi
enabling FEATURES=sfperms for all Linux profiles
On Tue, Oct 26, 2010 at 12:25 PM, Tom Knight <tomk@gentoo.org> wrote:
> On Tue, Oct 26, 2010 at 11:22:08AM +0200, Kfir Lavi wrote:
>> How can I see my current features?
>>
> emerge --info | grep FEATURES
My FEATURES shows I have sfperms:
FEATURES="assume-digests distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"
Regards,
Kfir
10-26-2010, 11:23 AM
"Anthony G. Basile"
enabling FEATURES=sfperms for all Linux profiles
On 10/26/2010 02:45 AM, Mike Frysinger wrote:
> hardened systems (as well as my non-hardened ones) have been running
> FEATURES=sfperms for years with no known bugs. so unless someone has
> a compelling reason otherwise, i'll be enabling this in
> profiles/default/linux/ for all linux systems.
> -mike
>
Good idea. Is this in response to the $ORIGIN root exploit in glibc?
(bug #341755).
--
Anthony G. Basile, Ph.D.
Gentoo Developer
Anthony G. Basile posted on Tue, 26 Oct 2010 07:23:58 -0400 as excerpted:
> On 10/26/2010 02:45 AM, Mike Frysinger wrote:
>> hardened systems (as well as my non-hardened ones) have been running
>> FEATURES=sfperms for years with no known bugs. so unless someone has a
>> compelling reason otherwise, i'll be enabling this in
>> profiles/default/linux/ for all linux systems.
>> -mike
>>
> Good idea. Is this in response to the $ORIGIN root exploit in glibc?
> (bug #341755).
You apparently missed his followup. Quoting:
>> nm. tove pointed out that portage already takes care of this in its
>> make.globals.
Tho one wonders about the other PMs... but do they even use FEATURES the
same way?
--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman