AW: [suse-security] Protecting against BufferOverflows
Hi maybe http://www.avayalabs.com/project/libsafe/index.html would be worth having a look at. -----Ursprüngliche Nachricht----- Von: Jan Luehr [mailto:jluehr@gmx.net] Gesendet am: Mittwoch, 13. März 2002 18:28 An: suse-security@suse.com Betreff: [suse-security] Protecting against BufferOverflows greetings are there any kernel patches or other things, defending suse linux against Bufferoverwflows? Do you have any expirences in defending suse Linux? Keep smiling yanosz -- GnuPG Key available at http://www.jluehr.de.vu/public_key.asc -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
[...]
Von: Jan Luehr [mailto:jluehr@gmx.net] Gesendet am: Mittwoch, 13. März 2002 18:28 An: suse-security@suse.com Betreff: [suse-security] Protecting against BufferOverflows
greetings
are there any kernel patches or other things, defending suse linux against Bufferoverwflows? [...]
Yes there are some. One of the well-known patches is Solar Designer's
kernel patch, which you will find here:
http://www.openwall.com/linux/
It adds an additional security menu to the kernel config, for things
like non-executable user stack area, restricted links, etc.
But be careful. A quote from the patch README:
"However, note that this patch is by no means a complete solution, it
just
adds an extra layer of security. Many buffer overflow vulnerabilities
will remain exploitable a more complicated way, and some will even
remain
unaffected by the patch. The reason for using such a patch is to
protect
against some of the buffer overflow vulnerabilities that are yet
unknown."
This is not only directed at the Solar Designer patch, but also to such
kind of patches in general; there are numerous exploits out there which
recognise these patches and try to sneak past them (which is possible,
tho harder to accomplish).
Boris Lorenz
Am 14.03.2002 11:35:07, schrieb Boris Lorenz
are there any kernel patches or other things, defending suse linux against Bufferoverwflows? [...]
Yes there are some. One of the well-known patches is Solar Designer's kernel patch, which you will find here:
Check www.grsecurity.net too, openwall-patches are included there Michael Appeldorn
participants (3)
-
Bitzer,Gerd
-
Boris Lorenz
-
Michael Appeldorn