On Fri, Feb 13, 2004 at 09:52:01AM -0800, Matt Zimmerman wrote:
> > > In terms of real-world security there appears to be no difference
> > > between Debian and openbsd at this time. SELinux would be significantly
> > > better, but Debian can hardly claim to support that at present.
> >
> > I disagree on the differences: W^X and protection against stack overflows
> > (ProPolice), introduced in 3.3 [1] make a significant difference IMHO,
> > Debian kernels or user-level programs do not provide any kind of
> > protection against buffer/stack overflows currently [2].
>
> Andrew was talking about real-world security, not protection for
> hypothetical vulnerabilities. Even so, I disagree with him, in that the
> frequency of local root vulnerabilities published in the Linux kernel since,
> say, the Woody release, is abhorrent. The Linux kernel is a component of
> practically every Debian system in existence, so it should meet any
> definition of "default install".

I considered those, but concluded that the kernel just wasn't that
important in the grand scheme of things. Local root vulnerabilities
aren't all *that* much worse just because they're in the kernel -
plenty of other components on both platforms have had serious local
root holes, so a few more isn't all that big a deal.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |