Security Patches to the Linux Kernel

• Previous message: Antony Nguyen: "RE: Port 32768/tcp"
• In reply to: Hal Flynn: "DHCP Discussion"
• Next in thread: Michael J. Cannon: "Re: Security Patches to the Linux Kernel"
• Reply: Michael J. Cannon: "Re: Security Patches to the Linux Kernel"
• Reply: twm139@its.to: "RE: Security Patches to the Linux Kernel"
• Reply: Jose Nazario: "Re: Security Patches to the Linux Kernel"
• Reply: Jonathan Rickman: "Re: Security Patches to the Linux Kernel"
• Reply: Fabrice MARIE: "Re: Security Patches to the Linux Kernel"
• Reply: Jason Englander: "Re: Security Patches to the Linux Kernel"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 29 Aug 2001 21:27:08 -0600 (MDT)
From: <twm139@its.to>
To: <focus-linux@securityfocus.com>
Subject: Security Patches to the Linux Kernel
Message-ID: <Pine.LNX.4.33.0108292019400.14042-100000@arnold.its.to>

Has anyone here experimented with, or put into production any of the
patches, mods or improvements to Linux's default security architecture?

Two of the systems that I have been looking at are:

1) The NSA's SE Linux at http://www.nsa.gov/selinux/
2) GRSecurity from http://www.getrewted.net/

I have been playing with the GRSecurity patches a bit and they seem to add
a nice level of features to stock linux such as randomization of certain
sequence numbers (PIDS and Network), symlink improvements, as well as
features that make a chroot enviroment more secure. Unfortunately I have
been having problems with some dcache related bug with the patch and 2.4.9
and I have not been able to figure out if there is a mail list for this
patch yet to discuss bugs or issues.

I have not yet tried out the NSA patches, although they seem to have a
slightly different focus, or rather I suppose a much broader focus than
simply securing a few problem areas such as buffer overflows, symlink
problems, or chroot flaws.

I would be interested in learning what other peoples experiences with
these or other security policy patches have been.

Cheers,

Terrence

• Previous message: Antony Nguyen: "RE: Port 32768/tcp"
• In reply to: Hal Flynn: "DHCP Discussion"
• Next in thread: Michael J. Cannon: "Re: Security Patches to the Linux Kernel"
• Reply: Michael J. Cannon: "Re: Security Patches to the Linux Kernel"
• Reply: twm139@its.to: "RE: Security Patches to the Linux Kernel"
• Reply: Jose Nazario: "Re: Security Patches to the Linux Kernel"
• Reply: Jonathan Rickman: "Re: Security Patches to the Linux Kernel"
• Reply: Fabrice MARIE: "Re: Security Patches to the Linux Kernel"
• Reply: Jason Englander: "Re: Security Patches to the Linux Kernel"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Anyone know why the Alpha market is so so quiet? ... That is usually not the case with large IT environments with ... But the conclusion is that Kerry arguments against Linux does not ... With 5-20 Linux security patches being released each ... (comp.os.vms) Re: Security Patches to the Linux Kernel ... Security Patches to the Linux Kernel ... NSA's distro is certainly not ready for deployment without a lot of work, ... (Focus-Linux) RE: on patches, for Linux, for Windows, for VMS. ... Subject: OT: on patches, for Linux, for Windows, for VMS. ... These new security patches need to be ... (comp.os.vms) Re: Alpha remembrance day ... platforms that *average* 7-20 security patches per month? ... Actually I was thinking more along the lines of the x86 variants of Solaris or Linux. ... patches of course, whether or not they actually need to be installed ... support plan in place for them, the HW costs are usually a much smaller ... (comp.os.vms) RE: Anyone know why the Alpha market is so so quiet? ... RH Linux had 29 *security* patches. ... See my prev note about whether "buggies" will target web tier or data tier. ... (comp.os.vms)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint