I'm not sure if anyone has tried this one, but a fairly extensive patch set for the 2.4 series of kernels is available called grsecurity (http://www.grsecurity.net). It includes whole whacks of stuff (take a look at the "features" page http://www.grsecurity.net/features.htm). I haven't had a chance to try it out, but it looks promising.
If anyone has any good/bad experiences with such patches, please let me know.

later,
Steve

> -----Original Message-----
> From: Alvin Oga [mailto:[EMAIL PROTECTED]]
> Sent: January 18, 2002 12:30 PM
> To: Vincent
> Cc: [EMAIL PROTECTED]
> Subject: Re: protection against buffer overflows
>
> hi ya vincent
>
> > I'm working on buffer overflows these days, and more precisely the
> > possible methods to avoid them. It seems that the most used tools to
> > prevent exploits based on buffer overflows are Libsafe, OpenWall,
> > StackGuard... and maybe Saint Jude.
> >
> > Has anyone any interesting comments about these methods?
>
> just a quickie comment...
>
> libsafe seems to work across the board on most major linux distro
> and takes 5 minutes to do it all
> http://www.Linux-Sec.net/harden/libsafe.uhow2.txt
>
> openwall works only w/ 2.2.x kernels unless they've released
> 2.4.x stuff
>
> stackguard was beyond my scope of "patience"...
> ( part of immunix ?? )
> - and it modifies gcc which i didn't like it doing...
>
> - sometimes compiling sources already fails with generic
>   environments so didn't want to deal with a modified gcc
>
> other kernel patches/methodologies
> http://www.Linux-Sec.net/Harden/kernel.gwif.html
>
> thanx
> alvin

