Re: Suggestions for linux security patches
Jason Czerak (Jason-Czerak@Jasnik.net)
19 Dec 2001 16:44:03 -0500
On Wed, 2001-12-19 at 15:48, Jason Czerak wrote:
> I'm running linux 2.4.16, and I"m looking to the best possibly kernel
> patch to harden things up a bit. Primarly I wish to have what is in
> openwall's and grsecurity's patches is the buffer oveflow protection,
> but I'm unable to use the openwall patch because it only support 2.2.X
> kernels ATM. I applied the grsecurity patch but for some reason when
> running mozilla as non-root, the GUI for mozilla is all messed up (and
I
> enabled sysctl support so nothing was enabled by default except stuff
> that isn't able to use sysctl).
>
> So to advoid applying 20 or so differnet patches, and evaluate each of
> them (taking up what little time I have in a day...), I wish to get
the
> lists opinions on the matter.
>
Ok, so 20 or so was a little off base. :) it's more like 3 packages that
are for my type of system and that appear to be activtly developed
1: SeLinux
2. Grsecurity
3. Lids
Lids, and grsecurity appear to be highly configureable and grsecurity
isn't playing nice with some applictions on my system. I'll be testing
out SeLinux and Lids tomarrow, but as one list memeber emailed me
ealier, LIDS has over 500 differnent options, That right there maybe a
turn off for sake of sanity right now. :)
--
Jason Czerak
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/