Perhaps a hardened desktop profile might be nice. Possibly even an selinux profile with the popular WMs. From what I remember users of the server profile are given a warning to switch to hardened though it would be nice to add hardened options to other "specialized" profiles.
On Sat, Sep 7, 2013 at 3:48 AM, Rick "Zero_Chaos" Farina < zeroch...@gentoo.org> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 09/05/2013 07:06 AM, Mike Frysinger wrote: > > On Thursday 05 September 2013 06:13:28 Agostino Sarubbo wrote: > >> during an irc debate, me and other people just noticed that the default > >> profile could use more flags to enhance the security. > >> > >> An hint is here: > >> https://wiki.ubuntu.com/ToolChain/CompilerFlags > >> > >> Please argue about what we _don't_ use. > > > > the only thing we don't use by default is SSP. and we have hardened for > that. > > > > fairly certain the other flags we've been using in Gentoo for years. > > -mike > > > > Since I don't see this in the profile and I know almost nothing about > how the toolchain works, perhaps you could grace us with how to see the > fact that "we've been using in Gentoo for years" :-) > > Thanks, > Zero > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.20 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBAgAGBQJSKqIYAAoJEKXdFCfdEflKCwkP/Rdlo2rk+g8qyfB9SlsFgoP0 > 4b+/qkB8WmwNBEURhR7kwF/SJa6kh0BOcorz33e/YO4jayn/yW1ve36HrKOGR52G > 56oNWWtRYzsiscObpOVxf+JM9EMm2RVrhfM1Z9FIP8pTFS8gj31fR8caPJssjUGv > xl0wSUahs1+q44xOX+NB+7y47nhrjwfq2OTUHsekMdOWt43MoLp86qEMJKlPFG9a > djEpkshTpE2pZZMQ8jGGASmITcWlHhuipeWkwDCblcxMMCWgFr+CfovEqJXeoz5I > jI4rtpe4QNl7QA+eXY1fygiAiVgx15BYq2SIBC51AluvVgaYRw8ANr8qSUhCakXM > Af49vhzp8/Id3/aytOrllprucPHTICMARKbYhAJyGtfJtKkQ3iGHHOlrIN2ufnrO > gO/EZUqb+NRlHrv845a0HQA3zmYDNBJw5zu6GymV4aMsUcVQE/uSbqAZ7BxuWlV2 > LxLvE9pn48WvcvBYp4R36DRQg955D34GKI1VRojgESsyLIgq4Q0wLjarY1fsG4O/ > iUZRyXOI5erVCiOGey42kCr19fw1ta35XtKrEQPwWJkb2na1RB7PHbGBdVBlU/Lq > mLAWFSCwocg+wNBuBWcpJlFdLV4eQYxSqyTqeFdxYBv9qxvqqLzkGUxqDy8L4bAT > KglCdavI5Y2UBcFuv4/w > =yb4E > -----END PGP SIGNATURE----- > >