Matthew Garrett writes:
> On Thu, Jul 13, 2023 at 08:03:39PM +0200, Timo Röhling wrote:
>
>> qemu is basically an interpreter for foreign machine code. If your
>> threat model allows access to qemu-user-static for an attacker, they
>> can run pretty much any binary is if it were native, and the
Marco d'Itri writes:
> On Jul 04, "Trent W. Buck" wrote:
>
>> * If it runs its own process manager (e.g. postfix's "master"),
>> don't bother trying to harden it.
> I disagree. It may not be possible to use NoNewPrivileges, but at least
> file system hardening is usually trivial to
On Jul 04, "Trent W. Buck" wrote:
> * If it runs its own process manager (e.g. postfix's "master"),
> don't bother trying to harden it.
I disagree. It may not be possible to use NoNewPrivileges, but at least
file system hardening is usually trivial to enable for most daemons.
> * If it
RL writes:
> Russell Coker writes:
>
>> https://wiki.debian.org/ReleaseGoals/SystemdAnalyzeSecurity
>>
>> I think we should make it a release goal to have as many daemons as
>> possible running with systemd security features to aim for a low score
>> from "systmd-analyze security".
>
>
> This
4 matches
Mail list logo
