Re: Security features of Debian Etch?
Németh Tamás wrote:
> In these days I am mostly engaged in the task of choosing a free and secure
> Linux ditribution for our university. I've googled a lot, but haven't find a
> comprehensive description of the security features of Debian Etch.
> Can you tell me if Debain Etch has some advanced userland protection against
> buffer overflows and the like (for example compile-time or runtime SSP as
> gcc / Fortify Source and gcc / -fstack-protector)?
Debian Etch only offers ASLR as provided by the stock Debian kernel (including
a randomized VDSO, which several other distributions lack). Further features
are missing in Etch, as they were not available in all architectures and due
to the fact that glibc 2.3 was used.
Debian Lenny will hopefully introduce features like gcc's SSP, FORTIFY_SOURCE
and others. Details will likely be discussed during our annual developers's
conference taking place in Edinburgh next month.