Dear openSUSE developers or Experts! In these days I am mostly engaged in the task of choosing a free and secure Linux ditribution for our university. I prefer openSUSE but it's security is unclean for me in some aspects. As far as i know, opesSUSE has compile time and runtime userland protection agains memory related exploits (gcc / Fortify Source), runtime SSP (gcc / -fstack-protector), and LSM based MAC framework (AppArmor). But I wonder if you could tell me if: -openSUSE 10.3 or older versions have all packages compiled as PIE or PIC to utilize the ASLR capabilities of the 2.6.20 and newer Linux kernels? (Does openSUSE 10.3 have an ASLR capability comparable to that of PaX?) -openSUSE has W^X capabilities (similar to the capabilities provided by PaX or ExecShield patches)? On which architectures and how extensively? -openSUSE packages are linked with BIND_NOW option to make the -z relro linking option even more effective? -openSUSE systems have some extra chroot restrictions, /dev/mem, /dev/kmem, /dev/port, /proc/<PID>/stat, /proc/<PID>maps, Linux privileged I/O related or other security enhancements beyond to the security of the vanilla Linux kernel? Thank you for the invaluable information! Best regards: Nemeth, Tamas IT administrator University of West-Hungary, Sopron, Hungary --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org