Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [suse-security] Security patches for Suse's 2.6 kernel
From: Marcus Meissner (meissnersuse.de)
Date: Wed Jan 26 2005 - 03:33:18 CST
On Tue, Jan 25, 2005 at 09:04:15PM +0100, nordi wrote:
> Hi list!
> I've ported the hardlink/symlink protection of the grsecurity patch to
> Suse's 2.6 kernels. My patch makes it considerable harder (and sometimes
> impossible) to exploit insecure handling of files in /tmp. Additionally
> it prevents some other annoying things that an attacker could do with
> hard/symlinks. The patch, more details and install instructions can be
> found on my website (http://private.addcom.de/nordi/). Feedback is welcome!
> The patch is very small and non-intrusive. The slightly changed handling
> of links should(!) not break existing software. At least I've been using
> this patch myself on a Suse 9.1 and a 9.2 machine for a couple of weeks
> now and haven't seen anything break that wasn't broken before ;)
Try to get it in upstream kernel. Good luck ;)
You should probably rename the 2 new functions before to a name that
matches what they do.
Btw, there is a nice thread of grsecurity merge to mainline (with lot
of flamage) going on currently. So you might find a bees nest :/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----