
Re: making Debian secure by default



On Thu, Mar 28, 2024 at 11:24 AM Greg Wooledge wrote:
>
> On Thu, Mar 28, 2024 at 01:30:32PM +0000, Andy Smith wrote:
> > I'm just not sure that you'll find any "hardening" guide that will
> > specifically say "disable writing to your terminal as there might be
> > a bug in a binary that is setgid tty" before yesterday's reveal that
> > there is such a bug in "wall".
> >
> > The more general advice to audit every setuid/setgid binary is more
> > likely to be present.
> [...]
> > If the maintainer of util-linux doesn't agree, then the next thing
> > I'd try is a bug against the Debian Administrator's Handbook:
> >
> >     https://www.debian.org/doc/manuals/debian-handbook/
> >
> > This has a chapter on security, so possibly it would be appropriate
> > to mention "mesg n" there.
>
> A more proactive endeavor would be to document known best practices
> on the wiki.  A quick search found a couple pages that might serve
> as starting points:
>
>     https://wiki.debian.org/SecurityManagement
>     https://wiki.debian.org/Hardening  -- says it's for package maintainers
>
> Anyone who is serious about such a project probably has a long road ahead
> of them.

Is there a generally preferred web link checker program for Debian?
I took a look at
  https://www.debian.org/doc/manuals/securing-debian-manual/ch04s15.en.html
and the 4.15. Protecting against buffer overflows section has this bit:
recompile the source code to introduce proper checks that prevent
overflows, using the
 http://www.research.ibm.com/trl/projects/security/ssp/ patch for GCC
(which is used by
 http://www.adamantix.org)

http://www.research.ibm.com/trl/projects/security/ssp/ patch gives me
a connect failed and
http://www.adamantix.org sends me to a Vietnamese tv site??

Seems to me that an easy first step would be to check that all the
links still work.

Regards,
Lee

