Dear Debian developers!

These days I am mostly engaged in the task of choosing a free and secure Linux distribution for our university. I've googled a lot, but haven't found a comprehensive description of the security features of Debian Etch.

Can you tell me if Debian Etch has some advanced userland protection against buffer overflows and the like (for example compile-time or runtime SSP as gcc / Fortify Source and gcc / -fstack-protector)? Does Debian Etch have some packages compiled as PIE to utilize an ASLR capable kernel? Does it have an ASLR and W^X capable kernel, like a PaX or Exec Shield patched one? Are Debian Etch packages linked with the -z relro and BIND_NOW options for enhanced address space protection? Does Debian Etch have some extra chroot restrictions, /dev/mem, /dev/kmem, /dev/port, /proc/<PID>/stat, /proc/<PID>/maps, Linux privileged I/O related or other security enhancements beyond the security of the vanilla Linux kernel?

Thank you for the information!

Best regards:
Nemeth, Tamas
IT administrator
University of West-Hungary, Sopron, Hungary

