Slashdot Mirror


Tight Security And apt-get: Trusted Debian Project

kcurrie writes "There is now a Trusted Debian project available. This release installs over a stock woody installation, and includes PaX (non-executable data section kernel patch), IBM stack smashing protector patch for GCC and a ton of recompiled programs (BIND, Apache, Postfix and OpenSSH included) that take advantage of this. Running 2.4.20, it also includes the latest Snort and FreeS/WAN support."

10 comments

  1. Moo by Chacham · · Score: 2, Funny

    Interesting, though I'll wait until I can apt-get it.

    I'm still shaking from the horrors of using Ximian as a deb source.

  2. Re:THIS IS AN EXCELLENT TOOL FOR TERRORISTS by Anonymous Coward · · Score: 0

    Al Gore, is that you, Al?

  3. Uhm... by TheSHAD0W · · Score: 1

    Judging from the number of messages posted under this subject, I suspect there won't be enough interest to keep the project going.

    :-P

  4. Status of stack-smashing protection patch? by brianjcain · · Score: 1

    Why hasn't gcc accepted the stack-smashing patch yet? Does it generate unstable code? Sounds like a cool compile flag, if you ask me.

    1. Re:Status of stack-smashing protection patch? by Anonymous Coward · · Score: 0

      Hi!

      I don't know why the GCC people have not included the stack-smashing patch. The patched GCC version used in Trusted Debian (Debian GCC 2.95.4 package + 2.95.3 stack-protector patch) for instance crashes on compiling binutils. Another "victim" is aptitude, which compiles fine, but crashes when you press / to search in the package list.

      I saw patch version 19 for 2.95.3 was available whereas the current Trusted Debian GCC uses version 16. So maybe some of the problems have been fixed.

      Currently no other compiler has been used by the Trusted Debian project, so I don't know how stable the 3.2 patch is for instance.

      If enough people ask distribution vendors and/or the GCC maintainers about it, it may (eventually) get included. However, no one does, so that is why things stay the way they are. So don't complain here, complain where your complaint can make a difference.

      Groetjes,
      Peter Busser

  5. I don't have the need.... by pr0c · · Score: 1

    I of course don't have the need for such security. I think running debian is good enough :P

    Places that need the extra security such as the US government are running freaking windows!!

  6. but... by BortQ · · Score: 1

    I always trusted Debian.

    --

    A Multiplayer Strategy Game for Mac OS X, Windows, and Linux
  7. So much better than openbsd by Anonymous Coward · · Score: 0

    YEAH!

    1. Re:So much better than openbsd by Anonymous Coward · · Score: 0

      Actually it is not better than OpenBSD.

      OpenBSD 3.3 will also have the GCC patched with the stack protector and binaries compiled with this compiler.

      And also OpenBSD has similar kernel based protection as PaX has.

      And of course OpenBSD has their auditing project and several other extensions like systrace and stuff like that.

      However, Trusted Debian IMHO has the potential to beat OpenBSD in many areas in a year or so. However, there is still a lot of complex work ahead and who knows what the OpenBSD people come up with in a year's time.

      Groetjes,
      Peter Busser