Dear Fedora developers or Experts!
In these days I am mostly engaged in the task of choosing a free and secure Linux ditribution for our university. I've read some documents from this field but I am in doubt in a few areas:
When i look at Ingo Molnar's Exec Shield patch web page (http://people.redhat.com/mingo/exec-shield/), I got the impression that a fully feature Exec Shield patch set exists only for the 2.4 series of the Linux kernels, and on the 2.6 series it only provides NX. Am I correct? Is there an (maybe exprimental) Exec Shield patch for 2.6 kernels which provides full ALSR functionality, including the relocation of PIE binaries? If not, then I wonder why is it so difficult to be done for the 2.6 series. (For example PaX is still considered experimental on 2.6!)
Are the Fedora packages linked with BIND_NOW option to make the -z relro linking option even more effective?
Thank you for the information! Best regards:
Nemeth, Tamas IT administrator University of West-Hungary, Sopron, Hungary
security@lists.fedoraproject.org