
Re[2]: protection against buffer overflows



Hello Lars,

Wednesday, January 23, 2002, 9:45:26 AM, you wrote:

LB> On Fri, 2002-01-18 at 22:15, Hassard, Stephen wrote:
>> I'm not sure if anyone has tried this one, but a fairly extensive patch set
>> for the 2.4 series of kernels is available called grsecurity
>> (http://www.grsecurity.net). It includes whole whacks of stuff (take a look
>> at the "features" page http://www.grsecurity.net/features.htm) .. I haven't
>> had a chance to try it out, but it looks promising.

>> > openwall works only w/ 2.2.x kernels unless they've released
>> > 2.4.x stuff

LB> I will not vouch for the quality of GRSecurity, but it does implement
LB> Openwall on the 2.4 series. In comparison with LIDS it does not have the
LB> same requirement for pre-reboot configuration. GRSecurity features ACL,
LB> but they can be set only for the files that need them.

LB> It was a breeze to patch and compile. I have it in production on dozens
LB> of machines running IPSec and bridging amongst other things. I have no
LB> problems related to the patch. (I mention this because GRSecurity also
LB> increases the randomness of the network traffic in particular, so that
LB> it becomes virtually impossible to guess the operating system with an ``nmap
LB> -O''. It messes with many different aspects of the system.)
 
LB> I would like to see others try it out and comment on this, because it
LB> looks very, very promising.

It indeed sounds VERY interesting (not only to me) :-)
although I never dealt with special kernel modifications.
But I'll give it a go... Can anyone recommend any other
kernel security patch sites? ...would be great!

-- 
Best regards,
 Roman                            mailto:linux-dude@anscheinend.net


