A start

Archaic archaic at indy.rr.com
Sat Jan 17 19:06:00 PST 2004


On Sun, Jan 11, 2004 at 03:47:25PM -0500, Robert Connolly wrote:
> 
> Im not too sure if grsecurity will guard against all that propolice will. I 
> should find different exploit examples perhaps. Try building the example 
> exploits in libsafe's source, without propolice, and see if grsec aborts 
> them...

There is most definately overlapping functionality between various
kernel patches, libsafe, and propolice. The point to remember is that it
doesn't matter which one catches the fault, but that one of them catches
the fault. I read a rather in-depth  (and quite frakly, boring)
technical paper on the various schemes and while a vast majority (I
think around 80%) of the attacks were successfully defeated with each of
the protection schemes, some attacks got through some schemes, and no
scheme stopped them all. That is why the aggregate use of these schemes
is highly recommended.

-- 
Archaic

"This country, with its institutions, belongs to the people who inhabit
it.  Whenever they shall grow weary of the existing government, they can
exercise their constitutional right of amending it or their
revolutionary right to dismember it or overthrow it."

- Abraham Lincoln, 4 April 1861




More information about the hlfs-dev mailing list