DebianSecurity: Difference between revisions
From DcSharedWiki
(create page) |
(add some links) |
||
| Line 12: | Line 12: | ||
** http://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_RELRO_.28ld_-z_relro.29 |
** http://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_RELRO_.28ld_-z_relro.29 |
||
* [[AppArmor]] profiles |
* [[AppArmor]] profiles |
||
** |
|||
Work in progress: |
|||
* http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags |
|||
* http://lists.debian.org/debian-devel/2011/09/msg00242.html |
|||
References: |
References: |
||
Revision as of 02:00, 16 September 2011
Some features enabled in Ubuntu and not in Debian:
- gcc's -fstack-protector
- http://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_STACKPROTECTOR_.28gcc.2BAC8-g.2B-.2B-_-fstack-protector_--param_ssp-buffer-size.3D4.29
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469517 -fstack-protector produces segfaulting binaries on arm/armel
- PIE
- build with "-D_FORTIFY_SOURCE=2"
- RELRO
- AppArmor profiles
Work in progress:
- http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
- http://lists.debian.org/debian-devel/2011/09/msg00242.html
References:
