Linux Today: Linux News On Internet Time.

A.P. Lawrence: Hardening your Kernel with OpenWall

Mar 09, 2005, 05:30 (0 Talkback[s])
(Other stories by A.P. Lawrence)

"The Openwall Project provides security related kernel patches for Linux and BSD kernels. I read about this in Hardening Linux by James Turnbull. The patch that most interested me was to prevent executable code from running in the stack. That won't prevent all buffer overflow attacks, but it can stop some of them. I really don't understand why this isn't just the default nowadays--I know it can break some programs and debuggers, but it seems smart to me.

"I installed this on a RedHat ES system. That system was running a 2.4.21 kernel, and had never installed kernel source, so the first step was to go get a newer kernel..."

Complete Story

Related Stories: