I am coming from Fedora and have switched to Kubuntu. I was wondering if Ubuntu has any plans to compile its packages the way Fedora does -- with SSP, FORTIFY_SOURCE, fstack-protector, etc.. How about Exec-Shield or PaX? Some of these hardening features are now built into GCC, thus it is only a matter of utilizing and testing them. I read on the Ubuntu wiki that such a plan is in place, but I have no idea if it ever got off the ground. Can anyone fill me in? Perhaps Ubuntu is already doing some of this?
My second question pertains to SELinux. Even though Ubuntu provides an option to install SELinux, there is absolutely no documentation pertaining to it, which is a shame. About the only documentation I found describes how to install it. Nothing about policies, troubleshooting, etc.. What exactly is the Ubuntu ref policy? Is it the same as the "targeted" policy?
Bookmarks