On Jan 16, 2008 5:03 PM, Norbert P. Copones <[EMAIL PROTECTED]> wrote: > imo, no patches are available right now. grsec is good, i always > like its rbac. though selinux is in the mainstream kernel, i personally > prefer grsec. > > but grsec does not fix the problem. its only a workaround to prevent > write access to kernel memory. the source of the problem should be > fixed. i remember long ago a pax priv elevation bug was discovered > when vma mirroring was introduced ;) >
thats before the use of PIE "position independent executables". now pageexec is preferred. specially for cpus with the nx bit. 64 bit is the best for this. ASLR is useless in 32 bit. it can be brute forced in as little as 26 seconds. this can only be fixed after xorg is hit with a security cluestick and fixed xorg to not need /dev/mem. or you > > On 38 0, Jimmy Lim <[EMAIL PROTECTED]> wrote: > > Meron na ba? I don't see any patch ATM, unless if you enable grsec. > > > > I wonder why SELinux was not mentioned to secure Linux boxes? > > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > [email protected] (#PLUG @ irc.free.net.ph) > Read the Guidelines: http://linux.org.ph/lists > Searchable Archives: http://archives.free.net.ph > -- Lay low and nourish in obscurity _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
