Commit dfe7aeca authored by Tails developers's avatar Tails developers
Browse files

Update AppArmor and hardening compilation status for Wheezy.

parent 6a468284
...@@ -127,17 +127,17 @@ a snapshot of Debian testing/unstable at a given point of time. ...@@ -127,17 +127,17 @@ a snapshot of Debian testing/unstable at a given point of time.
*Ubuntu ships the AppArmor Mandatory Access Control system.* *Ubuntu ships the AppArmor Mandatory Access Control system.*
**Answer**: right. We [[would like|todo/Mandatory_Access_Control]] to **Answer**: right. We [[would like|todo/Mandatory_Access_Control]] to
get something similar into Tails, and more generally into Debian. But get something similar into Tails: that's why we have done a great part
don't misread the press releases: AppArmor is enabled for very few of the work that was needed to add basic AppArmor support in Debian
applications in Ubuntu. Wheezy. But don't misread the press releases: AppArmor is enabled for
very few applications in Ubuntu.
*Ubuntu uses compiler hardening options by default.* **Answers**: *Ubuntu uses compiler hardening options by default.* **Answers**:
right. Ubuntu makes a point here. That's why we have been helping right. Ubuntu makes a point here, but this is quite temporary: Debian
pushing this into Debian. This is now a release goal for Debian Wheezy will ship with many packages compiled with hardening options
Wheezy, and being actively worked on. On the other hand, such options too. On the other hand, such options are not the security Grail; while
are not the security Grail; while they put the bar a bit higher for they put the bar a bit higher for the attacker, there are known ways
the attacker, there are known ways to workaround them, and exploit the to workaround them, and exploit the so-called protected binaries
so-called protected binaries anyway. Given the tendency is that more anyway. Given the tendency is that more and more distribution vendors
and more distribution vendors enable those options, it seems safe to enable those options, it seems safe to bet serious attackers take this
bet serious attackers take this into account, and design their into account, and design their exploits accordingly.
exploits accordingly.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment