RE: protection against buffer overflows
I'm not sure if anyone has tried this one, but a fairly extensive patch set
for the 2.4 series of kernels is available called grsecurity
(http://www.grsecurity.net). It includes whole whacks of stuff (take a look
at the "features" page http://www.grsecurity.net/features.htm) .. I haven't
had a chance to try it out, but it looks promising.
If anyone has any good/bad experiences with such patches, please let me
know.
later,
Steve
> -----Original Message-----
> From: Alvin Oga [mailto:aoga@Maggie.Linux-Consulting.com]
> Sent: January 18, 2002 12:30 PM
> To: Vincent
> Cc: debian-security@lists.debian.org
> Subject: Re: protection against buffer overflows
>
>
>
> hi ya vincent
>
> > I'm working on buffer overflows these days, and more precisely the
> > possible methods to avoid them. It seems that the most used tools to
> > prevent exploits based on buffer overflows are Libsafe, OpenWall,
> > StackGuard... and maybe Saint Jude.
> >
> > Has anyone any interesting comments about these methods ?
> >
>
> just a quickie comment...
>
> libsafe seems to work across the board on most major linux distro
> and takes 5 minutes to do it all
> http://www.Linux-Sec.net/harden/libsafe.uhow2.txt
>
> openwall works only w/ 2.2.x kernels unless they've released
> 2.4.x stuff
>
> stackguard was beyond my scope of "patience"...
> ( part of immunix ?? )
> - and it modifies gcc which i didn't like it doing...
>
> - sometimes compiling sources already fails with generic
> environments so didn't want to deal with a modified gcc
>
> other kernel patches/methodologies
> http://www.Linux-Sec.net/Harden/kernel.gwif.html
>
> thanx
> alvin
>
>