It's not a Debian-specific problem. Even "Security Conscious" distros like Fedora only build a dozen or so key packages with pic and ssp because of performance concerns. Address sanitizer is obviously out of the question.
Then of course Linux does not have proper ASLR without 3rd-party kernel patches anyway, making pie pretty pointless. There is a good article out there on why rsbac does not use lsm; I recommend you read it if you do not understand the current security vs performance dynamic within Linux. You should also read up on the history of PaX and ask why it is not in the mainline Linux tree.

For whoever asked about previous Debian-specific attempts, I suggest you look into a project called mempo, now defunct of course.

Given what I've said above, we return to my original point. No mainstream distro, especially Debian, is willing to pay the cost (mostly performance) for adding meaningful security. If your plan is to try to bulldoze all this stuff into Debian testing, that's not going to work...

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk