[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Security features of Debian Etch?

Dear Debian developers!

 In these days I am mostly engaged in the task of choosing a free and secure 
Linux ditribution for our university. I've googled a lot, but haven't find a 
comprehensive description of the security features of Debian Etch.

Can you tell me if Debain Etch has some advanced userland protection against 
buffer overflows and the like (for example compile-time or runtime SSP as 
gcc / Fortify Source and gcc / -fstack-protector)?

Does Debian Etch have some packages compiled as PIE to utlilize an ASLR 
capable kernel?

Does it have an ASLR and W^X capable kernel, like a PaX or Exec Shield pached 

Are Debain Etch packages linked with the -z relro and BIND_NOW options for 
enhanced address space protection?

Does Debin Etch have some extra chroot 
restrictions, /dev/mem, /dev/kmem, /dev/port, /proc/<PID>/stat, /proc/<PID>maps, 
Linux privileged I/O related or other security enhancements beyond to the 
security of the vanilla Linux kernel?

Thank you for the information!
Best regards:

Nemeth, Tamas
IT administrator
University of West-Hungary, Sopron, Hungary

Reply to: