Re: Introducing security hardening features for Lenny

To: debian-devel@lists.debian.org
Subject: Re: Introducing security hardening features for Lenny
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Sun, 3 Feb 2008 21:05:05 +0100
Message-id: <[🔎] slrnfqc7jh.3b4.jmm@inutil.org>
References: <20080129211624.GA3982@galadriel.inutil.org> <200801291547.26621.jgoerzen@complete.org>

John Goerzen wrote:
> However, I am concerned that is appears to be limited in scope to packages 
> that:
>
>  * Are written in C or C++
>
>  * Can have hardening achieved through technical changes to the build process
>
> I think it is important to remember that other languages can have security 
> problems too, perhaps just as easy as these (shell). 

Sure, but we're trying to optimise for the common case here.

Everyone is welcome to start systematic security enhancement efforts for other
languages (like, checking all existing Python code for insecure sub process
invocation or something similar).

An important reason is that some features (SSP and FORTIFIED_SOURCE) allow us 
to lower the amount of needed work to fix security issues. There have been
several vulnerabilities which are non-issues on e.g. RHEL5, which has both
enabled. The ASLR changes are icing on the cake.

Cheers,
        Moritz

Reply to:

Prev by Date: Re: Introducing security hardening features for Lenny
Next by Date: Bug#463862: ITP: ipafont -- Japanese high quality TrueType font
Previous by thread: Re: Introducing security hardening features for Lenny
Next by thread: Bug#463862: ITP: ipafont -- Japanese high quality TrueType font
Index(es):
- Date
- Thread