On Sat, 20 Mar 2004 05:14, Phillip Hofmeister <[EMAIL PROTECTED]> wrote: > On another note, The GRSecurity/SELinux patches mitigate a lot of kernel > vulnerabilities and userland vulnerabilities. If you are running your > own kernel you may wish to look at them.
Nothing protects you against kernel bugs. PaX (part of GRSEC) does some things which can theoretically protect against some kernel bugs, I am not sure whether it would have done any good against any of the recent kernel bugs (I guess if it did then we would have heard about it ;). Any improvement to system security which can make it more difficult for a hostile remote user to run code on your system will make it more difficult for a local kernel bug to be exploited. SE Linux, exec-shield, GRSEC, etc all help in this regard. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
