Re: Why is Debian not secure by default?
On 2011-01-23 07:29 +0100, Rico Secada wrote:

> After having brushed up on some technical aspects of security I would like to understand why Debian isn't secure by default.
>
> As we all know, a lot of security breaches occur because of overflow errors. Different protective measures have been developed, such as executable space protection.
>
> As seen in this comparison list, both Fedora and SUSE are running with some method of protection enabled by default whereas Debian isn't.
>
> http://en.wikipedia.org/wiki/Comparison_of_Linux_distributions#Security_features
>
> Another example is stack checking in GCC, where for example OpenBSD ships with this setting enabled by default whereas it is off by default on Debian.
>
> I would like to understand why Debian is running with this policy of security being off by default?

Basically because the developers cannot agree where the hardened compiler options should be implemented. You can get more information by reading http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552688.

Sven

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87mxmsnizz@turtle.gmx.de

Re: Why is Debian not secure by default?
On Sun, 23 Jan 2011 09:04:32 +0100 Sven Joachim svenj...@gmx.de wrote:

> On 2011-01-23 07:29 +0100, Rico Secada wrote:
>
> > After having brushed up on some technical aspects of security I would like to understand why Debian isn't secure by default.
> >
> > As we all know, a lot of security breaches occur because of overflow errors. Different protective measures have been developed, such as executable space protection.
> >
> > As seen in this comparison list, both Fedora and SUSE are running with some method of protection enabled by default whereas Debian isn't.
> >
> > http://en.wikipedia.org/wiki/Comparison_of_Linux_distributions#Security_features
> >
> > Another example is stack checking in GCC, where for example OpenBSD ships with this setting enabled by default whereas it is off by default on Debian.
> >
> > I would like to understand why Debian is running with this policy of security being off by default?
>
> Basically because the developers cannot agree where the hardened compiler options should be implemented. You can get more information by reading http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552688.
>
> Sven

This was detailed in a release from the security team today:

    * Hardening compiler flags

    Debian is currently one of the few distributions that doesn't enable hardening options in the compiler that protect packages against certain types of vulnerability. There has been work on this for a longer time but it didn't yet come to fruition. A Birds of a Feather-session will be organised at the upcoming Debian Conference to get all involved people together and implement this.

So, in short, it's happening. Just slowly.

--
rbmj

Archive: http://lists.debian.org/20110124034306.50c970b7@blair-laptop

Why is Debian not secure by default?
Hi.

After having brushed up on some technical aspects of security I would like to understand why Debian isn't secure by default.

As we all know, a lot of security breaches occur because of overflow errors. Different protective measures have been developed, such as executable space protection.

As seen in this comparison list, both Fedora and SUSE are running with some method of protection enabled by default whereas Debian isn't.

http://en.wikipedia.org/wiki/Comparison_of_Linux_distributions#Security_features

Another example is stack checking in GCC, where for example OpenBSD ships with this setting enabled by default whereas it is off by default on Debian.

I would like to understand why Debian is running with this policy of security being off by default?

Kind regards
RS

Archive: http://lists.debian.org/20110123072917.6f210f96.coolz...@it.dk