Layered Security Hardening in Rocky Linux: Protection Before the Patch

  • Speaker: Brady Dibble
  • Room: CC 203
  • Time: Sun 2:00 pm – 2:30 pm
  • Format: Lecture (30 Min + Q&A)
  • Difficulty: Some experience required
  • Track: Security / Privacy
  • Additional Tags: OSS Distributions
  • Presenter Location: In-person
  • Experience: several-th time speaking
  • At: anywhere / at lfnw

Description:

Package‑level security hardening can eliminate entire classes of vulnerabilities before CVEs are published — or mitigate them before patches exist. The Rocky Linux Security SIG demonstrates this proactive approach by modifying core packages and integrating tools such as LKRG, drawing on decades of Openwall hardening work.

A key example: the hardened glibc in Rocky Linux prevented exploitation of CVE‑2023‑4911 (Looney Tunables), reducing impact before upstream Enterprise Linux shipped a fix.

This talk explains:

  • Which packages are hardened and why
  • What attack surfaces these modifications eliminate
  • How the control