According to Nik Engel:
> Hi!
> How are your results using the openwall kernel patch?
> www.openwall.com
> Any experience?

Hi!

I've used it to compare its efficiency to other buffer overflow protections. I would suggest you have a look at the Grsecurity patch if you intend to have OW working on a 2.4 Kernel. Moreover, this also includes PaX, which is more complete. Find it at: http://www.grsecurity.net/

OpenWall will offer you non-executability of the stack, among others (but this is one of its most interesting features). You have no heap protection though, and it does not protect against return-into-libC attacks, I think. Nevertheless it's a first protection...

PaX offers stack and heap non-executability, as well as mmap randomization, and Grsecurity adds another layer with some /proc restrictions. All this leads to stack + heap protection, and makes return-into-libC (nearly?) impossible. Of course it makes PaX "heavier" for your system (and it seems there's some trouble with java, ada... but I haven't experienced it) but it is an excellent solution.

I'm sorry for this digression from Open Wall to PaX, but I think this is a great patch! :)

Hope it will help...

Vincent

