Security features of Debian Etch?
Dear Debian developers!
In these days I am mostly engaged in the task of choosing a free and secure
Linux ditribution for our university. I've googled a lot, but haven't find a
comprehensive description of the security features of Debian Etch.
Can you tell me if Debain Etch has some advanced userland protection against
buffer overflows and the like (for example compile-time or runtime SSP as
gcc / Fortify Source and gcc / -fstack-protector)?
Does Debian Etch have some packages compiled as PIE to utlilize an ASLR
Does it have an ASLR and W^X capable kernel, like a PaX or Exec Shield pached
Are Debain Etch packages linked with the -z relro and BIND_NOW options for
enhanced address space protection?
Does Debin Etch have some extra chroot
restrictions, /dev/mem, /dev/kmem, /dev/port, /proc/<PID>/stat, /proc/<PID>maps,
Linux privileged I/O related or other security enhancements beyond to the
security of the vanilla Linux kernel?
Thank you for the information!
University of West-Hungary, Sopron, Hungary