Slashdot Mirror

← Back to Domains

Domain: grsecurity.net

Stories and comments across the archive that link to grsecurity.net.

Comments · 103

  1. Re:Competitive advantage? by Sivar · · Score: 2 · on Red Hat Desktop Edition

    And this doesn't even touch on the nice sharing and permissions options MS gives us.
    You mean ACLs? Yes, Windows has a nice set of file permissions--classically one of its advantages over Linux.
    Linux, however, now has an even more robust set of ACLs which come with GRSecurity, and let's not forget POSIX ACL's which are almost finished.
    Linux still has all of its security advantages over NT though, such as not using IIS, Outlook*.*, IE, Commerce Server, MS SQL, et al, all of which have had some big nasties recently. True, so have some Linux/Unix daemons, but far less frequently and you have to wait about half an hout to two days for a fix rather than three weeks to a 18 months on into infinity for a patch from Microsoft.

    NT does have advantages, but don't EVEN bring up security if you are trying to defend NT. That's a sure-fire way to discredit the platform.

  2. Re:Complacence will get us nowhere by civilizedINTENSITY · · Score: 2 · on Microsoft's 'Palladium' Privacy/DRM Scheme

    SuxOS introduces a revolutionary security structure, using among others, the Linux Intrusion Detection System to enforce MAC (Mandatory Access Control), the grsecurity kernel patch, to enhance overall security by putting restrictions on various parts of the /proc filesystem, preventing common buffer overflows, TCP/IP stealth code et cetera, plus the valuable protection from format string vulnerabilities given by FormatGuard. Other than that, Pluggable Authentication Modules are used for resource limiting and authentication. All this, together with the fact that SuxOS only includes applications and servers that are known to have a history of few or none security flaws, gives the administrator unsurpassed security and control over the system.

    The Linux Intrusion Detection System makes it possible to make an incredibly fine grained set of Access Control Lists, thus making it virtually impossible for even a skilled cracker to penetrate the strong security layers of SuxOS. LIDS provides the ability to control all access to system resources, even preventing a root compromise from subverting the security of the entire system. The default Access Control Lists in SuxOS, has been set up in a very secure fashion, by locking up the system completely, and then explicitly granting access to the applications that need it. The outcome of this is extremely fine grained access control, unsurpassed by any other known Linux distribution today.

    Security of the host itself has been significantly improved. Enforcement of longer passwords, insecure protocols non-existent, and extensive logging and auditing provide a solid foundation to build a complete corporate Internet presence.

  3. Security for RedHat's Kernel by iamsure · · Score: 5, Interesting · on Ask Alan Cox, Activist

    As someone in the Information Security field, I am constantly working to improve the security of Linux machines.

    One of the low points of Linux administration is that very few daemons are chroot'd, and the few that are, dont have much protection because of the Linux kernel's very weak chroot protection.

    Projects like OpenWall, GRSecurity, and SELinux (from the NSA), all attempt different solutions to this problem.

    Of course, they are all incompatible with each other, but the problem remains that the Linux kernel, as shipped by RedHat is insecure when it comes to chroot protection.

    Will this ever change, does RedHat care, and if so, which of these projects do you personally feel is most appropriate to lead the way in the future?