This is an old revision of the document!
If any developers have ideas for hardening the distribution, feel free to post them here . Keep in mind that these are just ideas, not necessarily stuff we have committed to doing.
Create a rescue environment in /opt/rescue. This environment will contain backup versions of essential binaries (similar to BSD's /rescue or /altroot directory). It will reside on a separate read only filesystem. It will use Busybox with static linking so it is not dependent on any other part of the system for proper functionality.
--enable-stack-protector=strong --enable-stackguard-randomization