DebianSecurity: Difference between revisions
From DcSharedWiki
(create page) |
m (3 revisions imported) |
||
| (2 intermediate revisions by one other user not shown) | |||
| Line 12: | Line 12: | ||
** http://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_RELRO_.28ld_-z_relro.29 |
** http://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_RELRO_.28ld_-z_relro.29 |
||
* [[AppArmor]] profiles |
* [[AppArmor]] profiles |
||
** |
|||
Work in progress: |
|||
References: |
|||
* http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags |
|||
* http://lists.debian.org/debian-devel/2011/09/msg00242.html |
|||
Ubuntu: |
|||
* https://wiki.ubuntu.com/Security/Features |
* https://wiki.ubuntu.com/Security/Features |
||
Latest revision as of 05:20, 22 April 2019
Some features enabled in Ubuntu and not in Debian:
- gcc's -fstack-protector
- http://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_STACKPROTECTOR_.28gcc.2BAC8-g.2B-.2B-_-fstack-protector_--param_ssp-buffer-size.3D4.29
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469517 -fstack-protector produces segfaulting binaries on arm/armel
- PIE
- build with "-D_FORTIFY_SOURCE=2"
- RELRO
- AppArmor profiles
Work in progress:
- http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
- http://lists.debian.org/debian-devel/2011/09/msg00242.html
Ubuntu:
