On Thu, Mar 28, 2024 at 11:24 AM Greg Wooledge wrote:
>
> On Thu, Mar 28, 2024 at 01:30:32PM +0000, Andy Smith wrote:
> > I'm just not sure that you'll find any "hardening" guide that will
> > specifically say "disable writing to your terminal as there might be
> > a bug in a binary that is setgid tty" before yesterday's reveal that
> > there is such a bug in "wall".
> >
> > The more general advice to audit every setuid/setgid binary is more
> > likely to be present.
> [...]
> > If the maintainer of util-linux doesn't agree, then the next thing
> > I'd try is a bug against the Debian Administrator's Handbook:
> >
> > https://www.debian.org/doc/manuals/debian-handbook/
> >
> > This has a chapter on security, so possibly it would be appropriate
> > to mention "mesg n" there.
>
> A more proactive endeavor would be to document known best practices
> on the wiki. A quick search found a couple pages that might serve
> as starting points:
>
> https://wiki.debian.org/SecurityManagement
> https://wiki.debian.org/Hardening -- says it's for package maintainers
>
> Anyone who is serious about such a project probably has a long road ahead
> of them.
Is there a generally preferred web link checker program for Debian?

I took a look at https://www.debian.org/doc/manuals/securing-debian-manual/ch04s15.en.html and the "4.15. Protecting against buffer overflows" section has this bit:

  recompile the source code to introduce proper checks that prevent
  overflows, using the http://www.research.ibm.com/trl/projects/security/ssp/
  patch for GCC (which is used by http://www.adamantix.org)

The http://www.research.ibm.com/trl/projects/security/ssp/ patch link gives me a "connect failed" and http://www.adamantix.org sends me to a Vietnamese TV site??

Seems to me that an easy first step would be to check that all the links still work.

Regards,
Lee
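The "audit every setuid/setgid binary" advice quoted from Andy Smith above, together with the "mesg n" suggestion, can be turned into a few shell functions. The script below is an added example written for this page, not code from the thread, from util-linux or from the Debian manuals. It assumes GNU find/stat/xargs as shipped on Debian; the directory to scan and the group name (tty is the interesting one, since wall is setgid tty) are parameters, and the dpkg lookup is only attempted when dpkg is installed.

```sh
#!/bin/sh
# Added example: enumerate privileged binaries the way a setuid/setgid audit
# would, flag the setgid-<group> subset, and report whether the current
# terminal still accepts writes from other users (the thing "mesg n" turns off).
# Assumptions: GNU find/stat/xargs (Debian); $1 is the tree to scan.

# list_privileged DIR
#   Print "mode owner group path" for every regular file under DIR that has
#   the setuid (4000) or setgid (2000) bit set. -xdev keeps the scan on one
#   filesystem so /proc and network mounts are not walked.
list_privileged() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print0 2>/dev/null \
        | xargs -0 -r stat -c '%04a %U %G %n'
}

# count_setgid_group DIR GROUP
#   Number of files under DIR that are setgid and group-owned by GROUP.
#   With GROUP=tty this is the class of binary that can write to other
#   users' terminals (wall, write, ...).
count_setgid_group() {
    find "$1" -xdev -type f -perm -2000 -group "$2" 2>/dev/null | wc -l | tr -d ' '
}

# owning_package FILE
#   Map a binary back to the Debian package that ships it, so each entry of
#   the audit can be tied to a maintainer. Prints "?" off Debian or for
#   files no package owns.
owning_package() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg -S "$1" 2>/dev/null | cut -d: -f1 | head -n 1 | grep . || echo '?'
    else
        echo '?'
    fi
}

# terminal_writable
#   "y" if the current terminal accepts messages from other users (mesg y),
#   "n" if not, "-" when stdin is not a terminal (cron, CI, pipes).
terminal_writable() {
    if [ -t 0 ]; then
        if mesg 2>/dev/null | grep -q '^is y'; then echo y; else echo n; fi
    else
        echo -
    fi
}

# Typical invocation on a Debian host (root not required, but unreadable
# directories are silently skipped):
#   list_privileged /usr | while read -r mode owner group path; do
#       printf '%s %s:%s %s (%s)\n' "$mode" "$owner" "$group" "$path" "$(owning_package "$path")"
#   done
#   echo "setgid tty binaries: $(count_setgid_group /usr tty)"
#   echo "terminal writable by others: $(terminal_writable)"
```

Running it against /usr on a stock Debian install lists wall and write in the setgid tty count; whether "mesg n" belongs in your profile is then a decision about how much you trust that short list, which is the point Andy Smith's quoted message makes.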