Hi,

On Tue, Feb 08, 2011 at 01:33:12PM +0100, [email protected] wrote:
> Hi,
> I'm writing with reference to the security tests performed by MWR Labs last
> year. To avoid writing too much I'll just give links to the articles
> describing the tests:
> http://labs.mwrinfosecurity.com/notices/security_mechanisms_in_linux_environment__part_1___userspace_memory_protection/
> http://labs.mwrinfosecurity.com/notices/assessing_the_tux_strength_part_2_into_the_kernel/

Including compile-time hardening options has been discussed for a long time, but the effort is probably lacking people willing to push it. You can see some historical pages on the wiki [1]. It seems that this might be a release goal for wheezy, or at least it will probably be discussed at the next DebConf, as the Debian security team stated in their last mail on debian-devel-announce after their last meeting [2].

I have myself begun to file bug reports [3] against some packages to include hardening-wrapper in the build-deps, after having almost successfully rebuilt most of the packages available in the main section. Since then, I'm waiting for DebConf to see the path that will be chosen to implement these features.

> As stated in the articles, in Debian Lenny very few of the available
> security mechanisms of the Linux environment were included. I
> just wanted to know what the status of this is in Squeeze and also
> raise a release goal for Wheezy to enable some pro-active security
> mechanisms mentioned in the articles. For example, I guess enabling
> PIE in iceweasel, other web browsers and network daemons is worth
> taking into consideration. I know my point is extremely general, I
> just hope to start a discussion about this topic.
> Thanks,
> Marcin

[1] http://wiki.debian.org/Hardening
[2] http://lists.debian.org/debian-devel-announce/2011/01/msg00006.html
[3] http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=hardening;[email protected]

Archive: http://lists.debian.org/20110208183925.GB14772@localhost

