Stack Protection available for Fedora and RHEL 3 update 3
Posted Oct 21, 2004 19:38 UTC (Thu) by bluefoxicy
In reply to: Stack Protection available for Fedora and RHEL 3 update 3
Parent article: Security-improving technologies which could be deployed now
Redhat is smalltown. They're one distributor. You can get PaX, PIE, and SSP on Gentoo too, thanks to the efforts of the Hardened Gentoo team; that's still only one distribution. You can get these on Adamantix and a couple other security distros, but they're not being run all over the place and thus aren't "Popular Linux Distributions."
People use six major distributions, as I understand it:
Redhat supplies some protections in Fedora and RHEL. ES is like an immature PaX as far as I understand; PaX is 3 years older and has a much higher level of administrative control, allowing you to even go as far as allowing trampolines to execute from the stack, or to prohibit a program from doing unsafe mprotect() calls. I can't comment on their PIE stuff, nor have I heard anything about SSP + RH at all, so I'd be interested to know what they have going there.
Gentoo supplies none of this by default; however, they do support all this, as the Hardened Gentoo project is an official subproject of Gentoo Linux. This doesn't get these into mainstream use on more than a fraction of users' boxes.
Other distributions like Adamantix go above and beyond the call of duty and supply this, that, and the other thing; I believe Adamantix goes as far as using RSBAC for a MAC system, which is not something you sit down and learn on the fly, or brush through in 2 hours. These systems are great for enterprise use; but besides not being widespread in general Linux use, they're a bit excessive to just throw on your gaming or web surfing box.
So that leaves us with Debian, Mandrake, SuSE, Slackware, and yes even most Gentoo installations. Also, Debian derivatives will be easily affected by Debian, which means getting these in Debian at least will also affect Ubuntu, Knoppix, Morphix (and thus Gnoppix), and most other Debian derivatives. I believe these all count as "Most popular Linux distributions."