Firewall Wizards mailing list archives
Re: Web server security?
From: Mason <hr824 () sunwave net>
Date: Tue, 22 Jun 2004 07:35:05 -0700
On June 22, 2004 05:01 am, you wrote:
FC2 is only interesting to me in that it contains Exec Shield, which should take away stack and heap overflows, leaving us perhaps with just return-into-libc exploits and software bugs... I've got a kernel module that needs dusting off that doesn't allow daemons to execve, which makes things a little better for that last vector...
Paul, may I suggest you check out grsecurity with vserver as opposed to rsbac with UML? Vserver is more lightweight and was designed to isolate a single service rather than providing a whole new kernel, binaries, etc. as UML does.

Grsecurity allows you to implement RBAC and MAC and has an application learning mode to help you generate least privilege policies. Grsecurity uses PaX (which I'm guessing you are familiar with) for its buffer/heap overflow protection, it hardens chroots, etc, etc.

If you haven't read about them before, here are some links.

Grsecurity
http://grsecurity.net/index.php
http://grsecurity.net/features.php

PaX
http://pax.grsecurity.net/docs/index.html

Vserver
http://www.solucorp.qc.ca/miscprj/s_context.hc?s1=2&s2=2&s3=0&s4=0&full=0&prjstate=1&nodoc=0

I think I have mentioned this combination on the list before... I'm not at all affiliated with any of these projects, their approaches just appeal to me.

--
Mason Schmitt
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards