Does Ubuntu use security features like DEP and ASLR?
I often read that features such as DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) are provided on Windows. On Windows, you are given some control over turning on DEP for 32-bit programs.
- Are these features available in Ubuntu?
- Is there anything we need to do to turn these features on?
Solution 1:
Yes for both. They are on by default; you don't need to do anything to enable them. Longer answer follows...
DEP is used by default in Ubuntu. This is done via the NX bit if the CPU supports it, or emulated via memory segmentation if the CPU does not support it. For more details, see the non-executable memory feature item.
ASLR is used by default in Ubuntu on any memory segments that can be relocated (stack, libraries, heap, mmap). The only portion of a program that is not relocatable by default is the main code area ("text" segment). Programs need to be specially compiled as PIE (position independent executable) to enable this. Many sensitive programs are already built this way. For more details, see the list
Many additional security features are also available by default in Ubuntu. See the Ubuntu Security Features documentation for the full list.
Solution 2:
The Linux kernel, by default, does make use of similar technologies; however, they are different from the Windows versions. If your processor has the capability to set the NX bit (most modern CPUs), then the kernel will make use of it. There is also a weak implementation of ASLR in the kernel, and stronger ones can be installed, but they are not installed by default on Ubuntu.