Security/Features - Ubuntu Wiki

Immutable Page
Info
Attachments
More Actions:

Features

Revision 3 as of 2009-07-24 20:12:39

Table of security features in Ubuntu:

By Default

Available

Unimplemented

feature	6.06 LTS	8.04 LTS	8.10	9.04	9.10
No Open Ports	policy	policy	policy	policy	policy
Password hashing	md5	md5	sha512	sha512	sha512
AppArmor	--	2.1+svn1075	2.3	2.3	2.3.1
SELinux	--	2.0.55 (universe)	universe	universe	universe
SMACK	--	--	kernel	kernel	kernel
FS capabilities	--	--	kernel	kernel	kernel
Configurable Firewall	iptables	ufw	ufw	ufw (installer integration)	ufw
Encrypted LVM	alt installer	alt installer	alt installer	alt installer	installer
eCryptfs	--	--	~/Private	~/Private or ~, filenames	~/Private or ~, filenames
Stack Protector	--	gcc patch	gcc patch	gcc patch	gcc patch
Heap Protector	glibc	glibc	glibc	glibc	glibc
libc pointer obfuscation	--	glibc	glibc	glibc	glibc
stack ASLR	kernel	kernel	kernel	kernel	kernel
mmap/libs ASLR	kernel (i386 only)	kernel	kernel	kernel	kernel
exec ASLR	--	kernel (-mm patch)	kernel	kernel	kernel
brk ASLR	--	kernel (exec ASLR)	kernel	kernel	kernel
vdso ASLR	--	kernel	kernel	kernel	kernel
Built as PIE	--	--	package list	package list	package list
Built w/ Fortify Source	--	--	gcc patch	gcc patch	gcc patch
Built w/ relro	--	--	gcc patch	gcc patch	gcc patch
Built w/ BIND_NOW	--	--	--	--	package list
Non-Exec Memory	PAE only	PAE only	PAE only	PAE only	PAE, ia32 partial-NX-emulation
/proc/$pid/maps protection	--	kernel & sysctl	kernel	kernel	kernel
0-address protection	--	kernel & sysctl	kernel & sysctl	kernel	kernel
/dev/mem protection	kernel	kernel (-mm patch)	kernel	kernel	kernel
/dev/kmem disabled	--	kernel (-mm patch)	kernel	kernel	kernel
PR_SET_SECCOMP	--	kernel	kernel	kernel	kernel
SYN cookies	kernel	kernel	kernel	kernel & sysctl	kernel & sysctl
CONFIG_DEBUG_RODATA	--	kernel	kernel	kernel	kernel
CONFIG_CC_STACKPROTECTOR	--	--	--	--	kernel