Re: [Gluster-devel] Security hardening RELRO PIE flags

2015-04-03 Thread Atin Mukherjee
On 04/02/2015 06:43 PM, Justin Clift wrote: On 2 Apr 2015, at 14:08, Niels de Vos nde...@redhat.com wrote: On Thu, Apr 02, 2015 at 01:21:57PM +0100, Justin Clift wrote: On 31 Mar 2015, at 08:15, Niels de Vos nde...@redhat.com wrote: On Tue, Mar 31, 2015 at 12:20:19PM +0530, Kaushal M wrote:

Re: [Gluster-devel] Security hardening RELRO PIE flags

2015-04-02 Thread Justin Clift
On 31 Mar 2015, at 08:15, Niels de Vos nde...@redhat.com wrote: On Tue, Mar 31, 2015 at 12:20:19PM +0530, Kaushal M wrote: IMHO, doing hardening and security should be left the individual distributions and the package maintainers. Generally, each distribution has it's own policies with regards

Re: [Gluster-devel] Security hardening RELRO PIE flags

2015-04-02 Thread Kaleb KEITHLEY
Hi, Sorry for the top-post. Just to Amplify a but if what Niels has already said—— Yes, in Fedora, the glusterfs.spec file has a line %global _hardened_build 1 at the top. This enables PIE and RELRO in Fedora and EPEL builds. This line exists in the glusterfs.spec.in file in the Gluster

Re: [Gluster-devel] Security hardening RELRO PIE flags

2015-04-02 Thread Kaleb KEITHLEY
On 04/02/2015 08:22 AM, Kaleb KEITHLEY wrote: Hi, Sorry for the top-post. Just to Amplify a but if what Niels... Just to Amplify a bit of what Niels (Naughty fingers.) -- Kaleb ___ Gluster-devel mailing list

Re: [Gluster-devel] Security hardening RELRO PIE flags

2015-04-02 Thread Niels de Vos
On Thu, Apr 02, 2015 at 01:21:57PM +0100, Justin Clift wrote: On 31 Mar 2015, at 08:15, Niels de Vos nde...@redhat.com wrote: On Tue, Mar 31, 2015 at 12:20:19PM +0530, Kaushal M wrote: IMHO, doing hardening and security should be left the individual distributions and the package

Re: [Gluster-devel] Security hardening RELRO PIE flags

2015-04-02 Thread Atin Mukherjee
I've got responses from couple of folks, would also love hear from others. ~Atin On 03/31/2015 11:49 AM, Atin Mukherjee wrote: Folks, There are some projects which uses compiler/glibc features to strengthen the security claims. Popular distros suggest to harden daemon with RELRO/PIE flags.

Re: [Gluster-devel] Security hardening RELRO PIE flags

2015-04-02 Thread Venky Shankar
On 03/31/2015 12:45 PM, Niels de Vos wrote: On Tue, Mar 31, 2015 at 12:20:19PM +0530, Kaushal M wrote: IMHO, doing hardening and security should be left the individual distributions and the package maintainers. Generally, each distribution has it's own policies with regards to hardening and

Re: [Gluster-devel] Security hardening RELRO PIE flags

2015-04-02 Thread Justin Clift
On 2 Apr 2015, at 14:08, Niels de Vos nde...@redhat.com wrote: On Thu, Apr 02, 2015 at 01:21:57PM +0100, Justin Clift wrote: On 31 Mar 2015, at 08:15, Niels de Vos nde...@redhat.com wrote: On Tue, Mar 31, 2015 at 12:20:19PM +0530, Kaushal M wrote: IMHO, doing hardening and security should be

Re: [Gluster-devel] Security hardening RELRO PIE flags

2015-03-31 Thread Kaushal M
IMHO, doing hardening and security should be left the individual distributions and the package maintainers. Generally, each distribution has it's own policies with regards to hardening and security. We as an upstream project cannot decide on what a distribution should do. But we should be ready to

Re: [Gluster-devel] Security hardening RELRO PIE flags

2015-03-31 Thread Niels de Vos
On Tue, Mar 31, 2015 at 12:20:19PM +0530, Kaushal M wrote: IMHO, doing hardening and security should be left the individual distributions and the package maintainers. Generally, each distribution has it's own policies with regards to hardening and security. We as an upstream project cannot