Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262861AbTESU1K (ORCPT ); Mon, 19 May 2003 16:27:10 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262872AbTESU1K (ORCPT ); Mon, 19 May 2003 16:27:10 -0400 Received: from ms-smtp-01.nyroc.rr.com ([24.92.226.148]:15764 "EHLO ms-smtp-01.nyroc.rr.com") by vger.kernel.org with ESMTP id S262861AbTESU1H (ORCPT ); Mon, 19 May 2003 16:27:07 -0400 Date: Mon, 19 May 2003 16:36:53 -0400 To: "Barry K. Nathan" Cc: linux-kernel@vger.kernel.org Subject: Re: about buffer overflow. Message-ID: <20030519203653.GA1718@andromeda> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.4i From: Justin Pryzby Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1519 Lines: 36 Check out [http://www.trusteddebian.org/]. They apply a bunch of kernel patches like grsecurity. Seems they have to recompile, repackage all the .debs though. It is interesting to note that some of these patches introduce an apparent non-determinism into userspace; the same inputs could result in different outputs (the difference is that there are more inputs than userspace can actually see). So, maybe it could happen that you get a segv from an off by 1, but when you rerun it, you can't reproduce it because all the addresses are different. In practice, this will eventually segv somewhere, and someone will find the problem, but its something to consider. Justin Pryzby On Mon, May 19, 2003 at 02:22:00AM +0000, Barry K. Nathan wrote: > > On Mon, May 19, 2003 at 03:00:47AM +0300, Halil Demirezen wrote: > > yes that is interesting, however, what i want to learn, clearly, is > > this patch available from 2.4.20-rc1 at every default linux kernel > > from this moment on? > ... > BTW, another option is the pageexec ('PaX') patch: > http://pageexec.virtualave.net/ (warning: this page has pop-up windows) > > and that's integrated into a more comprehensive security patch, > grsecurity: > http://www.grsecurity.net/ > > -Barry K. Nathan - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/