herzogbrigit...@t-online.de:
> Thank you for all your replies. I understand that the user is
> important for security, but it's a difference whether you start
> from scratch or you can work with something prebuilt. So, could you
> tell me, which of the following security features are enabled in
> Debian by default and which I have to activate manually:
>
> Stack Protector
> Heap Protector
> Pointer Obfuscation
> Stack ASLR
> Libs/mmap ASLR
> Exec ASLR
> brk ASLR
> VDSO ASLR
> Built as PIE
> Built with Fortify Source
> Built with RELRO
> Built with BIND_NOW
> Non-Executable Memory
> /proc/$pid/maps protection
> Symlink restrictions
> Hardlink restrictions
> ptrace scope
> 0-address protection
> /dev/mem protection
> /dev/kmem disabled
> Block module loading
> Read-only data sections
> Stack protector
> Module RO/NX
> Kernel Address Display Restriction
> Blacklist Rare Protocols
> Syscall Filtering
> Block kexec

Paul Wise recently started a thread on this mailing list:

goals for hardening Debian: ideas and help wanted

What about making a wiki page in the Debian wiki listing what's implemented, with references? If you wish, I can try to start that table. I would be interested myself in what's implemented.