Re: Why is Debian not secure by default?

2011-01-23 Thread Sven Joachim
On 2011-01-23 07:29 +0100, Rico Secada wrote:

 After having brushed up on some technical aspects of security I would
 like to understand why Debian isn't secure by default.

 As we all know a lot of security breaches occur because of overflow
 errors. Different protective measures have been developed, such as
 executable space protection.

 As seen in this list of comparison both Fedora and SUSE are running
 with some method of protection enabled by default whereas Debian isn't.

 http://en.wikipedia.org/wiki/Comparison_of_Linux_distributions#Security_features

 Another example is stack checking in GCC where for example OpenBSD
 ships with this setting as enabled-by-default whereas it is
 off-by-default on Debian.

 I would like to understand why Debian is running with this policy of
 security being off by default.

Basically because the developers cannot agree where the hardened
compiler options should be implemented.  You can get more information by
reading http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552688.

Sven


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87mxmsnizz@turtle.gmx.de



Re: Why is Debian not secure by default?

2011-01-23 Thread Robert Blair Mason Jr.
On Sun, 23 Jan 2011 09:04:32 +0100
Sven Joachim svenj...@gmx.de wrote:

 On 2011-01-23 07:29 +0100, Rico Secada wrote:
 
  After having brushed up on some technical aspects of security I would
  like to understand why Debian isn't secure by default.
 
  As we all know a lot of security breaches occur because of overflow
  errors. Different protective measures have been developed, such as
  executable space protection.
 
  As seen in this list of comparison both Fedora and SUSE are running
  with some method of protection enabled by default whereas Debian isn't.
 
  http://en.wikipedia.org/wiki/Comparison_of_Linux_distributions#Security_features
 
  Another example is stack checking in GCC where for example OpenBSD
  ships with this setting as enabled-by-default whereas it is
  off-by-default on Debian.
 
  I would like to understand why Debian is running with this policy of
  security being off by default.
 
 Basically because the developers cannot agree where the hardened
 compiler options should be implemented.  You can get more information by
 reading http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552688.
 
 Sven
 

This was detailed in a release from the security team today:

 * Hardening compiler flags

 Debian is currently one of the few distributions that doesn't enable hardening
 options in the compiler that protect packages against certain types of
 vulnerability. There has been work on this for a longer time but it didn't
 yet come to fruition. A Birds of a Feather-session will be organised at the
 upcoming Debian Conference to get all involved people together and implement
 this.

So, in short, it's happening.  Just slowly.

-- 
rbmj
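To make the thread's abstract "hardening flags" concrete, here is an added checker (my own example, not code from the thread, from Debian, or from the security team): it reads the headers of an ELF64 image and reports whether the stack is non-executable (a PT_GNU_STACK segment without the execute bit), whether a RELRO segment is present, whether the binary is position-independent, and whether it references __stack_chk_fail, the handler GCC's stack protector calls when a canary is clobbered. build_sample_elf constructs a minimal, non-runnable ELF image purely as test input.

```python
"""Report ELF64 hardening features: NX stack, RELRO, PIE, stack protector."""
import struct
import sys

PT_GNU_STACK = 0x6474E551   # segment describing stack permissions
PT_GNU_RELRO = 0x6474E552   # region made read-only after relocation
PF_X = 0x1                  # executable permission bit
ET_EXEC, ET_DYN = 2, 3      # fixed-address executable vs. PIE/shared object


def parse_program_headers(data: bytes):
    """Return (e_type, [(p_type, p_flags), ...]) from an ELF64 little-endian image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian is handled here")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    return e_type, [struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
                    for i in range(e_phnum)]


def hardening_report(data: bytes) -> dict:
    """Mirror the checks a checksec-style tool performs on one binary."""
    e_type, phdrs = parse_program_headers(data)
    flags = dict(phdrs)
    return {
        # A missing PT_GNU_STACK means the kernel falls back to an executable stack.
        "nx": PT_GNU_STACK in flags and not (flags[PT_GNU_STACK] & PF_X),
        "relro": PT_GNU_RELRO in flags,
        "pie": e_type == ET_DYN,          # also true for shared libraries
        # Crude: a binary whose functions never needed a canary has no reference.
        "stack_protector": b"__stack_chk_fail" in data,
    }


def build_sample_elf(nx=True, relro=True, pie=True, canary=True) -> bytes:
    """Constructed test input: just the headers the checker reads, nothing runnable."""
    phdrs = [(PT_GNU_STACK, 0x6 if nx else 0x7)]          # RW vs RWX stack
    if relro:
        phdrs.append((PT_GNU_RELRO, 0x4))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # 64-bit, little-endian
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", ET_DYN if pie else ET_EXEC,
                               62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    return ehdr + body + (b"__stack_chk_fail\0" if canary else b"")


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/bin/ls"
    with open(path, "rb") as fh:
        print(path, hardening_report(fh.read()))
```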

Archive: http://lists.debian.org/20110124034306.50c970b7@blair-laptop