About Ubuntu security

Ng, Cheon-woei cheon-woei.ng at intel.com
Mon Jul 30 16:01:36 UTC 2007


Hello,

This is the first time I have posted a question.  If it is not the correct
place to place the questions, can you please redirect me to the correct
place?

It is my understanding that user space buffer overflow exploits (like
SUID, return-to-libc, etc.) are basically impossible under Feisty Fawn or
Gutsy because of the implementation of security measures like Address Space
Layout Randomization, Stack Guard, and AppArmor (in Gutsy).

Questions:
1. Is my assumption correct?
2. Are there any other security measures that I did not mention and I
should know of?
3. Is there a link repository where I could find all details of the
security features included in Feisty Fawn or Gutsy?  For example, I am
looking for a dedicated place in Ubuntu.com where I could find answers
for questions like these:
	a. Is the Address Space Layout Randomization based on PaX?
	b. When was this security measure included in Ubuntu?
	c. How many bits are randomized?
	d. Is the function table randomized?
	e. Is Stack Guard part of all applications included in Feisty Fawn?

Thanks!

Sincerely,
Cheon-Woei Ng



