Re: Why Linux, Why Debian

On Fri, Feb 13, 2004 at 09:52:01AM -0800, Matt Zimmerman wrote:
> > > In terms of real-world security there appears to be no difference
> > > between Debian and OpenBSD at this time. SELinux would be significantly
> > > better, but Debian can hardly claim to support that at present.
> > 
> > I disagree on the differences: W^X and protection against stack overflows
> > (ProPolice), introduced in 3.3 [1] make a significant difference IMHO,
> > Debian kernels or user-level programs do not provide any kind of
> > protection against buffer/stack overflows currently [2]. 
> Andrew was talking about real-world security, not protection for
> hypothetical vulnerabilities.  Even so, I disagree with him, in that the
> frequency of local root vulnerabilities published in the Linux kernel since,
> say, the Woody release, is abhorrent.  The Linux kernel is a component of
> practically every Debian system in existence, so it should meet any
> definition of "default install".

I considered those, but concluded that the kernel just wasn't that
important in the grand scheme of things. Local root vulnerabilities
aren't all *that* much worse just because they're in the kernel -
plenty of other components on both platforms have had serious local
root holes, so a few more isn't all that big a deal.

  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |
