Security features of Debian Etch?

To: debian-security@lists.debian.org
Subject: Security features of Debian Etch?
From: Németh Tamás <nice@titanic.nyme.hu>
Date: Sun, 27 May 2007 02:49:12 +0200
Message-id: <200705270249.12636.nice@titanic.nyme.hu>

Dear Debian developers!

 In these days I am mostly engaged in the task of choosing a free and secure 
Linux ditribution for our university. I've googled a lot, but haven't find a 
comprehensive description of the security features of Debian Etch.

Can you tell me if Debain Etch has some advanced userland protection against 
buffer overflows and the like (for example compile-time or runtime SSP as 
gcc / Fortify Source and gcc / -fstack-protector)?

Does Debian Etch have some packages compiled as PIE to utlilize an ASLR 
capable kernel?

Does it have an ASLR and W^X capable kernel, like a PaX or Exec Shield pached 
one?

Are Debain Etch packages linked with the -z relro and BIND_NOW options for 
enhanced address space protection?

Does Debin Etch have some extra chroot 
restrictions, /dev/mem, /dev/kmem, /dev/port, /proc/<PID>/stat, /proc/<PID>maps, 
Linux privileged I/O related or other security enhancements beyond to the 
security of the vanilla Linux kernel?

Thank you for the information!
Best regards:


Nemeth, Tamas
IT administrator
University of West-Hungary, Sopron, Hungary

Reply to:

Follow-Ups:
- Re: Security features of Debian Etch?
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Re: Security features of Debian Etch?
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Restrict remote access by time?
Next by Date: Re: Security features of Debian Etch?
Previous by thread: Restrict remote access by time?
Next by thread: Re: Security features of Debian Etch?
Index(es):
- Date
- Thread