
Re: kernel 2.4.22 patch



On Sat, 20 Mar 2004 05:14, Phillip Hofmeister <plhofmei@zionlth.org> wrote:
> On another note, the GRSecurity/SELinux patches mitigate a lot of kernel
> vulnerabilities and userland vulnerabilities.  If you are running your
> own kernel you may wish to look at them.

Nothing protects you against kernel bugs.  PaX (part of GRSEC) does some 
things which can theoretically protect against some kernel bugs; I am not 
sure whether it would have done any good against any of the recent kernel 
bugs (I guess if it did then we would have heard about it ;).

Any improvement to system security which can make it more difficult for a 
hostile remote user to run code on your system will make it more difficult 
for a local kernel bug to be exploited.  SE Linux, exec-shield, GRSEC, etc. 
all help in this regard.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


