|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [suse-security] Security patches for Suse's 2.6 kernel
From: Marcus Meissner (meissner
suse.de)
Date: Wed Jan 26 2005 - 03:33:18 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, Jan 25, 2005 at 09:04:15PM +0100, nordi wrote:
> Hi list!
>
> I've ported the hardlink/symlink protection of the grsecurity patch to
> Suse's 2.6 kernels. My patch makes it considerable harder (and sometimes
> impossible) to exploit insecure handling of files in /tmp. Additionally
> it prevents some other annoying things that an attacker could do with
> hard/symlinks. The patch, more details and install instructions can be
> found on my website (http://private.addcom.de/nordi/). Feedback is welcome!
>
> The patch is very small and non-intrusive. The slightly changed handling
> of links should(!) not break existing software. At least I've been using
> this patch myself on a Suse 9.1 and a 9.2 machine for a couple of weeks
> now and haven't seen anything break that wasn't broken before ;)
Try to get it in upstream kernel. Good luck ;)
You should probably rename the 2 new functions before to a name that
matches what they do.
Btw, there is a nice thread of grsecurity merge to mainline (with lot
of flamage) going on currently. So you might find a bees nest :/
Ciao, Marcus
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB92Pe6nvzlwF1Yj4RAqZuAKClwrTGM8vmNLzZixIhUfUF6kW2zACeODdO
hlnAI+9HVDZD2DHaVzf+HH0=
=bpId
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]