Re: kernel 2.4.22 patch
On Sat, 20 Mar 2004 05:14, Phillip Hofmeister <plhofmei@zionlth.org> wrote:
> On another note, The GRSecurity/SELinux patches mitigate a lot of kernel
> vulnerabilities and userland vulnerabilities. If you are running your
> own kernel you may wish to look at them.
Nothing protects you against kernel bugs. PaX (part of GRSEC) does some
things which can theoretically protect against some kernel bugs, I am not
sure whether it would have done any good against any of the recent kernel
bugs (I guess if it did then we would have heard about it ;).
Any improvement to system security which can make it more difficult for a
hostile remote user to run code on your system will make it more difficult
for a local kernel bug to be exploited. SE Linux, exec-shield, GRSEC, etc
all help in this regard.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: