Re: Re[2]: protection against buffer overflows

To: linux-dude <linux-dude@anscheinend.net>
Cc: debian-security@lists.debian.org
Subject: Re: Re[2]: protection against buffer overflows
From: Gergely Trifonov <gergely.trifonov@indweb.hu>
Date: 23 Jan 2002 11:26:03 +0100
Message-id: <[🔎] 1011781563.32054.4.camel@ind5>
In-reply-to: <[🔎] 843641012.20020123110707@anscheinend.net>
References: <[🔎] 675596326AC6D5119F5600A024CC1851102B26@MAIL2> <[🔎] 1011775527.603.2.camel@isidor> <[🔎] 843641012.20020123110707@anscheinend.net>

i think ya can find some interesting stuff here:

Kaladix Linux (security patches + the kaladix distro)
http://www.kaladix.org/hypersec.html
LIDS - Linux Intrusion Detection System
http://www.lids.org/
Openwall
http://www.openwall.com/
PaX patch
http://pageexec.virtualave.net/
HAP patch
http://www.theaimsgroup.com/~hlein/hap-linux/
Stealth patch
http://www.energymech.net/madcamel/fm/

have fun

On Wed, 2002-01-23 at 11:07, linux-dude@anscheinend.net wrote:
> Hello Lars,
> 
> Wednesday, January 23, 2002, 9:45:26 AM, you wrote:
> 
> LB> On Fri, 2002-01-18 at 22:15, Hassard, Stephen wrote:
> >> I'm not sure if anyone has tried this one, but a fairly extensive patch set
> >> for the 2.4 series of kernels is available called grsecurity
> >> (http://www.grsecurity.net). It includes whole whacks of stuff (take a look
> >> at the "features" page http://www.grsecurity.net/features.htm) .. I haven't
> >> had a change to tried it out, but it looks promising.
> 
> LB>  > openwall works only w/ 2.2.x kernels unless they've released 
> >> > 2.4.x stuff
> 
> LB> I will not vouch for the quality og GRSecurity, but it does implement
> LB> Openwall on the 2.4 series. In comparison with LIDS it does not have the
> LB> same requirement for pre-reboot configuration. GRSecurti featrures ACL,
> LB> but they can be set only for the files that need them.
> 
> LB> It was a breeze to patch and compile. I have it in production of dozens
> LB> of machines running IPSec and bridging amongst other things. I have no
> LB> problems related to the patch.(I mention this because GRSecurity also
> LB> increases the randomness of the network traffic in particular, so that
> LB> it becomes virtually impossible to quess operating system with an ``nmap
> LB> -O''. It messes with many different aspects of the system.)
>  
> LB> I would like to see others try it out and comment on this, because it
> LB> looks very, very promising.
> 
> it indeed sounds VERY interesting (not only to me) :-)
> although I never dealt with special kernel modifications.
> But I'll give it a go..can anyone recommend any other
> kernel security patch sites? ..would be great!
> 
> -- 
> Best regards,
>  Roman                            mailto:linux-dude@anscheinend.net
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
-- 
__________________________________________
Gergely Trifonov    mailto:gergely.trifonov@indweb.hu                   
System Administrator, WSD
 
IND - Interactive Net Design      http://www.indweb.hu
Széchenyi u. 70.        H - 3530 Miskolc          Hungary
Phone: +36 46 505 106              Fax: +36 46 505 107
                    Mobile: +36 20 395 6476

!Please install IND CA Certification as TRUSTED CA!
                  https://www.indweb.hu/IND.crt

Reply to:

References:
- RE: protection against buffer overflows
  - From: "Hassard, Stephen" <SHassard@angio.com>
- RE: protection against buffer overflows
  - From: Lars Bahner <lars@bahner.com>
- Re[2]: protection against buffer overflows
  - From: "linux-dude@anscheinend.net" <Shadowfreak@gmx.net>

Prev by Date: Re[2]: protection against buffer overflows
Next by Date: Re: protection against buffer overflows
Previous by thread: Re[2]: protection against buffer overflows
Next by thread: Re: protection against buffer overflows
Index(es):
- Date
- Thread