Re: Why is Debian not secure by default?
- From: "Robert Blair Mason Jr." <rbmj@xxxxxxxxxxx>
- Date: Mon, 24 Jan 2011 03:43:06 -0500
On Sun, 23 Jan 2011 09:04:32 +0100
Sven Joachim <svenjoac@xxxxxx> wrote:
> On 2011-01-23 07:29 +0100, Rico Secada wrote:
>> After having brushed up on some technical aspects of security I would
>> like to understand why Debian isn't secure by default.
>>
>> As we all know, a lot of security breaches occur because of overflow
>> errors. Different protective measures have been developed, for
>> example "executable space protection".
>>
>> As seen in this list of comparison, both Fedora and SUSE are running
>> with some method of protection enabled by default whereas Debian isn't.
>>
>> Another example is "stack checking" in GCC where for example OpenBSD
>> ships with this setting as "enabled-by-default" whereas it is
>> "off-by-default" on Debian.
>>
>> I would like to understand why Debian is running with this policy of
>> "security is off by default"?
>
> Basically because the developers cannot agree where the hardened
> compiler options should be implemented. You can get more information by
This was detailed in a release from the security team today:
* Hardening compiler flags
Debian is currently one of the few distributions that doesn't enable hardening
options in the compiler that protect packages against certain types of
vulnerability. There has been work on this for a longer time but it didn't
yet come to fruition. A Birds of a Feather-session will be organised at the
upcoming Debian Conference to get all involved people together and implement
So, in short, it's happening. Just slowly.
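
An added example, not part of the original message or of any Debian tool: a small Python check for the two protections named in the thread, a non-executable stack (the `PT_GNU_STACK` program header) and GCC's stack protector (a reference to `__stack_chk_fail`). The function names and the constructed sample image are hypothetical, and only 64-bit little-endian ELF files are handled.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header type that carries stack permissions
PF_X = 0x1                 # "executable" bit in p_flags

def check_hardening(elf: bytes) -> dict:
    """Report stack NX and stack-protector use for an ELF64 little-endian image."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if elf[4] != 2 or elf[5] != 1:
        raise ValueError("only ELF64 little-endian is handled in this example")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    nx = None  # None: no PT_GNU_STACK header, so the loader's default applies
    for i in range(e_phnum):
        # In ELF64 program headers, p_type is followed directly by p_flags.
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
    # Heuristic: code built with -fstack-protector references __stack_chk_fail.
    # A statically linked libc can contain the symbol even if the program's
    # own functions were built without the option.
    canary = b"__stack_chk_fail" in elf
    return {"nx_stack": nx, "stack_protector": canary}

def build_sample(stack_flags: int, with_canary: bool) -> bytes:
    """Constructed sample: ELF64 header, one PT_GNU_STACK entry, a fake string table."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 0x10)
    tail = b"\0__stack_chk_fail\0" if with_canary else b"\0puts\0"
    return ehdr + phdr + tail

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Check a real binary given on the command line.
        with open(sys.argv[1], "rb") as fh:
            print(check_hardening(fh.read()))
    else:
        print(check_hardening(build_sample(0x6, True)))   # RW stack, canary
        print(check_hardening(build_sample(0x7, False)))  # RWX stack, no canary
```
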