
Re: Security on debian



There are numerous ways of hardening a Linux box - it's not really Debian spec. But anyhow, a good example of an all round hardening/security "patch" is the 'grsecurity' kernel patch (from www.securedlinux.org) which borrows heavily from Solar Designer's Openwall patch, and modifies the code, as well as having a lot of other options.  It can prevent stack overflows, as well as other neat features like pid randomizations, proc restrictions etc.  To be able to exploit a kernel/box with the stack protection, exploiters will have to explore other ways of doing so :) (on the heap, bss etc).

Another way of hardening a box is to restrict access to all suid binaries (mode 4755/6755 (-rwsr-xr-x)), e.g. /usr/bin/passwd, crontab, etc., by adding a group, for example 'suid', and adding yourself to the group, and then chmod'ing 4750 && chown root:suid the binaries -- other users not in the suid group will not be able to execute them, therefore they will not be able to exploit any bugs they/other people have found in them.

A lot of other people can explain this better than me! ;) Check out www.securityfocus.com and other sec. sites for a lot more info :)

Sorry if the wrapping of this is weird, I'm using `mail` in a console.
Anyhow,  thx
pip.
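
Added example, not part of the message above: a sketch of the suid-group restriction it describes, with an audit step before and after. The function names are hypothetical; on a real system it assumes root and an existing access group (the message's 'suid').

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from the original post).

# Print set-uid regular files under DIR that users outside the owning group
# can still execute. Files that are also set-gid are left out on purpose:
# their group is itself the privilege, so it cannot be swapped for an
# access-control group without breaking the program.
list_open_suid() {
    find "$1" -xdev -type f -perm -4000 ! -perm -2000 -perm -0001 2>/dev/null
}

# Give FILE to OWNER:GROUP and set mode 4750.
# chown runs first: Linux clears the set-uid/set-gid bits whenever a regular
# file's owner or group is changed, so a chmod done before it would be undone.
restrict_suid() {
    file=$1 owner_group=$2
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "skip (not a regular file): $file" >&2
        return 1
    fi
    chown "$owner_group" "$file" || return 1
    chmod 4750 "$file"
}

# Restrict every finding under DIR, then re-audit. Succeeds only if nothing
# is left world-executable. File names containing newlines are not handled.
restrict_all() {
    list_open_suid "$1" | while IFS= read -r f; do
        restrict_suid "$f" "$2" || echo "failed: $f" >&2
    done
    [ -z "$(list_open_suid "$1")" ]
}

# Typical use as root, after 'groupadd suid' and adding trusted users to it:
#   list_open_suid /usr/bin          # review the list first
#   restrict_all /usr/bin root:suid
```

Package upgrades reinstall binaries with their packaged modes, so the audit has to be rerun afterwards; on Debian, dpkg-statoverride can record the override so that it survives upgrades.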


