Re: Suggestions for linux security patches

Chris Wright (chris@wirex.com)
Wed, 19 Dec 2001 15:50:20 -0800


* Jason Czerak (Jason-Czerak@Jasnik.net) wrote:
> So to avoid applying 20 or so different patches, and evaluate each of
> them (taking up what little time I have in a day...), I wish to get the
> list's opinions on the matter.

have you looked at linux security modules? the patches are at
http://lsm.immunix.org. it pushes security policy into modules so you can
try different modules to see which policy you prefer.

> Local security/control isn't much of an issue and most likely won't be
> for a while. Remote security and protection from server daemons that
> have buffer problems are high priority to get the best protection for.

note, non-executable stack does not prevent buffer overflow attacks.
the exploit just needs to change. check out tools like libsafe and
StackGuard as well for buffer overflow protection.

thanks,
-chris
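
An added illustration, not part of the original message: the kind of check StackGuard performs, with a canary word placed between a buffer and the saved return address and verified before the function returns. The stack frame is simulated with a struct; the layout, the canary value, and the names `copy_into_frame` and `demo` are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN   16
#define CANARY    0x000aff0dU   /* constructed value for this example */
#define LEGIT_RET 0x1000U       /* constructed stand-in for a return address */

/* Simulated stack frame: buffer, canary, then the saved return slot. */
struct frame {
    unsigned char buf[BUF_LEN];
    uint32_t canary;
    uint32_t saved_ret;
};

/* Copy len bytes starting at buf with no bounds check on buf, as an
 * unchecked strcpy would. With check_canary set, verify the canary before
 * "returning". Returns -1 if the overwrite was detected, else 0 and the
 * (possibly clobbered) return slot in *ret_out. */
int copy_into_frame(const unsigned char *src, size_t len,
                    int check_canary, uint32_t *ret_out)
{
    struct frame f = { {0}, CANARY, LEGIT_RET };
    if (len > sizeof f)
        len = sizeof f;               /* keep the simulation inside f */
    memcpy(&f, src, len);             /* overruns buf when len > BUF_LEN */
    if (check_canary && f.canary != CANARY)
        return -1;                    /* real StackGuard aborts the process here */
    *ret_out = f.saved_ret;
    return 0;
}

/* Feed len bytes of 'A'; return the resulting return slot, 0 if detected. */
uint32_t demo(size_t len, int check_canary)
{
    unsigned char input[sizeof(struct frame)];
    uint32_t ret = 0;
    memset(input, 'A', sizeof input);
    if (copy_into_frame(input, len, check_canary, &ret) != 0)
        return 0;
    return ret;
}

int main(void)
{
    printf("in bounds, no check : 0x%x\n", (unsigned)demo(8, 0));
    printf("overflow, no check  : 0x%x\n", (unsigned)demo(24, 0));
    printf("overflow, canary    : 0x%x (0 = detected)\n", (unsigned)demo(24, 1));
    return 0;
}
```

In the unchecked overflow case the return slot is overwritten with data only and nothing on the stack is executed, which is why a non-executable stack alone does not catch it while the canary check does.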