Re: Hacks
- From: Nix <nix-razor-pit@xxxxxxxxxxxxx>
- Date: Sun, 04 Mar 2007 13:15:00 +0000
On 28 Feb 2007, Tim S. stated:
> Nix wrote:
>> On 28 Feb 2007, Tim said:
>>> John Phillips wrote:
>>>> Most probably from an unpatched
>>>> flaw.
>>>
>>> In the past I have tried using kernel hardening (grsecurity patches) to
>>> mitigate against this. Basically, tricks like stack, so-lib and malloc
>>> address randomisation and no-execute heap and stack - but such tricks are
>>> prone to breaking applications.
>>
>> Why is your firewall running such incredibly fragile apps anyway?
>> (`I only have one machine' is no excuse in this age of virtualization:
>> I've been running my firewall in UML for many years now...)
>
> Who said my firewall was running such fragile apps?

You said that the tricks are `prone to breaking applications'. There
aren't very many they break; some Lisp interpreters need patching, it
breaks some old Java interpreters, and that's about all I can recall.

> Incidentally, the "fragile apps" were XFree86 and java, neither of which are
> on my current firewall,

Ah, good! :)

(and yes, XFree86 and X.org before the pci-rework branch will require
access to /dev/mem, which grsecurity understandably wants you to turn
off...)

--
`In the future, company names will be a 32-character hex string.'
--- Bruce Schneier on the shortage of company names