Re: Debians security features: Which are active?

To: debian-security@lists.debian.org, Paul Wise <pabs@debian.org>
Subject: Re: Debians security features: Which are active?
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat, 17 May 2014 11:48:18 +0000
Message-id: <[🔎] 53774C82.5070507@riseup.net>
In-reply-to: <[🔎] 1Wlc0B-1IAJ040@fwd31.aul.t-online.de>
References: <[🔎] 1WlNxN-1QSFPM0@fwd38.aul.t-online.de> <[🔎] 1Wlc0B-1IAJ040@fwd31.aul.t-online.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

herzogbrigitte1@t-online.de:
> Thank you for all your replies. I understand that the user is
> important for security, but it's a difference whether you start
> from scratch or you can work with somethink prebuilt. So, could you
> tell me, which of the following securit features are enabled in
> Debian by default and which I have to activate manually:
> 
> Stack Protector Heap Protector Pointer Obfuscation Stack ASLR 
> Libs/mmap ASLR Exec ASLR brk ASLR VDSO ASLR Built as PIE Built with
> Fortify Source Built with RELRO Built with BIND_NOW Non-Executable
> Memory /proc/$pid/maps protection Symlink restrictions Hardlink
> restrictions ptrace scope 0-address protection /dev/mem protection 
> /dev/kmem disabled Block module loading Read-only data sections 
> Stack protector Module RO/NX Kernel Address Display Restriction 
> Blacklist Rare Protocols Syscall Filtering Block kexec

Paul Wise recently started a thread on this mailing list:
goals for hardening Debian: ideas and help wanted

What about making a wiki page in Debian wiki listing what's
implemented with references?

If you wish, I can try to start that table. I would be interested
myself what's implemented.

-----BEGIN PGP SIGNATURE-----

iQJ8BAEBCgBmBQJTd0yAXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2RTk3OUIyOEE2RjM3QzQzQkUzMEFGQTFD
QjhENTBCQjc3QkIzQzQ4AAoJEMuNULt3uzxI8HsP/RfDxaehxC0QJW+I9zr60gJh
OYvYAWUaNubF2fZlbI+u1OShDYYgTplc4iVzzi9zAtCn5V88rpH01Ehnj22RgmL+
38oIvbmae/zRXt0CdAUIJFf6HY53P9scUGWPq0INcYl6TkIAHH7lUzY3yWGzTWy9
/M5Nf6c9g1BWU0Sjrsiik17pi/01FWgAe8kkI7To3jhiYypSbgAZsYFQTJg5RtZK
ZJcNTUYFrIiW5z/dLNSG400oG+SFb8B5kNp+5lImdIbxVzRKs8WghH/QgUA5Uxzk
FV+6VP9hhtPx59/zT4YSVLOTjQkuwV2ZK0esRL2OuzIlXdBmG778sYE/vJZBY2Z3
G9kupqefW3RUkmw8kKdmW9aYg1Df++rQq1evP54N6rH4rqxVyE1MNdNwETN7aYHw
Z6Yx7mdZ8AqbWD3UTKQ8Z70jiMm/1S9iTbJ7K0/GkcUhfNg4VMcrlhUxUiQqJZMG
b04TnBtdL+rgTi+vPd0SFFI2stmnCCthmnR56SnvnX3+IZ98ODBYm/DlaJPVhFNm
0h4MCGJFe463dl1WWFbMJ3mY0G4M96KkpakEpzuMBYUHHV2zjATonb+KQ/4Hwyhi
IzMTNwpUVH/fwEU6lznUX9bKwf9koEAioJxSyTvI3es/NKWIycdvW3Hg2dGuGyCl
4Lm3ImCVtqx/hN+dkcJN
=WSpN
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- AW: Debians security features: Which are active?
  - From: "herzogbrigitte1@t-online.de" <herzogbrigitte1@t-online.de>

References:
- Debians security features in comparison to Ubuntu
  - From: "herzogbrigitte1@t-online.de" <herzogbrigitte1@t-online.de>
- Re: Debians security features: Which are active?
  - From: "herzogbrigitte1@t-online.de" <herzogbrigitte1@t-online.de>

Prev by Date: Re: Debians security features in comparison to Ubuntu
Next by Date: Re: Debians security features: Which are active?
Previous by thread: Re: Debians security features: Which are active?
Next by thread: AW: Debians security features: Which are active?
Index(es):
- Date
- Thread