Dear openSUSE developers or Experts!
These days I am mostly engaged in the task of choosing a free and secure
Linux distribution for our university. I prefer openSUSE but its security is
unclear to me in some aspects. As far as I know, openSUSE has compile-time
and runtime userland protection against memory-related exploits (gcc / Fortify
Source), runtime SSP (gcc / -fstack-protector), and an LSM-based MAC framework
(AppArmor). But I wonder if you could tell me if:
- openSUSE 10.3 or older versions have all packages compiled as PIE or PIC to
  utilize the ASLR capabilities of the 2.6.20 and newer Linux kernels? (Does
  openSUSE 10.3 have an ASLR capability comparable to that of PaX?)
- openSUSE has W^X capabilities (similar to the capabilities provided by the PaX
  or ExecShield patches)? On which architectures and how extensively?
- openSUSE packages are linked with the BIND_NOW option to make the -z relro
  linking option even more effective?
- openSUSE systems have some extra chroot restrictions, /dev/mem, /dev/kmem,
  /dev/port, /proc/<PID>/stat, /proc/<PID>/maps, Linux privileged I/O related
  or other security enhancements beyond the security of the vanilla Linux
  kernel?
Thank you for the invaluable information!
Best regards:
Nemeth, Tamas
IT administrator
University of West-Hungary, Sopron, Hungary
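
The per-binary properties asked about above (PIE/PIC, a non-executable stack, -z relro and BIND_NOW) are recorded in each ELF file's headers, so they can be checked on an installed system. The following is an added example, not part of the original message or of openSUSE's tooling; the names check_elf and build_sample are hypothetical, and it assumes 64-bit little-endian ELF files.

```python
import struct
import sys

ET_DYN, PT_DYNAMIC, PF_X = 3, 2, 1
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def check_elf(data):
    """Report hardening properties of a 64-bit little-endian ELF image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF file")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    nx = relro = now = False
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _, _, p_filesz, _, _ = struct.unpack_from(
            "<IIQQQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)      # stack requested without execute permission
        elif p_type == PT_GNU_RELRO:
            relro = True                   # linked with -z relro
        elif p_type == PT_DYNAMIC:         # walk the dynamic section for BIND_NOW markers
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", data, off)
                if tag == DT_NULL:
                    break
                now |= (tag == DT_BIND_NOW or (tag == DT_FLAGS and bool(val & DF_BIND_NOW))
                        or (tag == DT_FLAGS_1 and bool(val & DF_1_NOW)))
    return {"pie_or_pic": e_type == ET_DYN, "nx_stack": nx, "bind_now": now,
            "relro": "full" if relro and now else "partial" if relro else "none"}

def build_sample(e_type=ET_DYN, stack_flags=6, relro=True, now=True):
    """Constructed headers-only ELF image, used when no file is given."""
    dyn = ((struct.pack("<qQ", DT_FLAGS, DF_BIND_NOW) if now else b"")
           + struct.pack("<qQ", DT_NULL, 0))
    phdrs = [(PT_GNU_STACK, stack_flags, 0), (PT_DYNAMIC, 6, len(dyn))] + ([(PT_GNU_RELRO, 4, 0)] if relro else [])
    dyn_off = 64 + 56 * len(phdrs)         # dynamic section follows the program headers
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", e_type, 62, 1,
                       0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, dyn_off if t == PT_DYNAMIC else 0,
                                0, 0, sz, sz, 8) for t, f, sz in phdrs)
    return ehdr + body + dyn

if __name__ == "__main__":
    images = {p: open(p, "rb").read() for p in sys.argv[1:]} or {"<constructed sample>": build_sample()}
    for name, data in images.items():
        print(name, check_elf(data))
```

pie_or_pic only says the image is position-independent (ET_DYN); whether the kernel randomizes its load address is a separate runtime matter.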