Snort mailing list archives
RE: BO preproc exploit published
From: "Ron Jenkins" <rjenkins () dibr net>
Date: Wed, 26 Oct 2005 21:46:40 -0500
Thanks... -----Original Message----- From: byte_jump [mailto:bytejump () gmail com] Sent: Wednesday, October 26, 2005 9:15 PM To: Ron Jenkins Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] BO preproc exploit published ProPolice: http://www.research.ibm.com/trl/projects/security/ssp/ You need to have a GCC that has stack-smash-protector (SSP) functionality. You can see if your GCC does by issuing the following command: gcc -v If your gcc has SSP built in, it will output something like this: gcc version 3.3.4 20040623 (Gentoo Hardened Linux 3.3.4-r1, ssp-3.3.2-2, pie-8.7.6) The "ssp" and "pie" (Position-Independent Executable) are what you want to see. During compilation you want to see something like "fstack-protector" in the compilation output. You can Google for more info, but those are the basics. Grsecurity and PaX can be found here: http://grsecurity.net/ http://pax.grsecurity.net/ Those are patches for the Linux kernel and I highly recommend that you read the info available on grsecurity's site. The "features" page has quite a list describing what grsecurity does: http://grsecurity.net/features.php On 10/26/05, Ron Jenkins <rjenkins () dibr net> wrote:
Hello Do you have web links for those two? I am interested in looking at
them.
Thanks much...
------------------------------------------------------- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- BO preproc exploit published Paul Melson (Oct 25)
- Re: BO preproc exploit published Matthew Watchinski (Oct 26)
- RE: BO preproc exploit published Paul Melson (Oct 26)
- Re: BO preproc exploit published byte_jump (Oct 26)
- Re: BO preproc exploit published Murali Raju (Oct 27)
- RE: BO preproc exploit published Paul Melson (Oct 26)
- Re: BO preproc exploit published Matthew Watchinski (Oct 26)
- <Possible follow-ups>
- Re: BO preproc exploit published byte_jump (Oct 26)
- Re: BO preproc exploit published Richard Harman (Oct 26)
- RE: BO preproc exploit published Ron Jenkins (Oct 26)
- BO preproc exploit published Paul . Melson (Nov 01)