Domain: immunix.org
Stories and comments across the archive that link to immunix.org.
Stories · 8
-
Novell Acquires SELinux Alternative Immunix
G Money writes "Novell announced today that they acquired Immunix, a company that produces an alternative mandatory access control solution to SELinux using the LSM. For anyone who hasn't used both Immunix and SELinux, the difference between configuring them is like night and day. There's even a YaST module for configuration. (Disclaimer: I'm on the Defcon Immunix CTF team.)" -
Clean Needles for Hackers
scubacuda writes "Jon Lasser of the Register opines that we should "give up on the notion that computer security can be improved by putting more people in prison." He argues that a "harm reduction" approach (similar to that of the "clean needle" campaign in the War on Drugs) might be more productive. If we, say, wrote in safer programming languages, used tools like Immunix's StackGuard, ProPolice, or OpenBSD 3.3, chroot and UML, we could reduce the damage a malicious hacker might do without damaging our civil liberties." -
Clean Needles for Hackers
scubacuda writes "Jon Lasser of the Register opines that we should "give up on the notion that computer security can be improved by putting more people in prison." He argues that a "harm reduction" approach (similar to that of the "clean needle" campaign in the War on Drugs) might be more productive. If we, say, wrote in safer programming languages, used tools like Immunix's StackGuard, ProPolice, or OpenBSD 3.3, chroot and UML, we could reduce the damage a malicious hacker might do without damaging our civil liberties." -
Stack-Smashing Protector
XNormal writes "It's not exactly new but for some reason it doesn't seem to be getting the attention it deserves. The stack-smashing protector developed by Hiroaki Etoh at IBM's Tokyo Research Lab is a patch for GCC that provides effective protection against buffer overflows. It protects against cases not covered by StackGuard and StackShield. It is well-supported on multiple versions of GCC and multiple platforms. Why is it not getting enough attention? Perhaps it needs a CatchyName instead of 'ssp'? I'll ponder this question while I'm recompiling all my executables that have an open port and the libraries they depend on." -
Additional Security in the Linux Kernel?
nyx asks: "Recently, I was looking for some way to improve security on my Linux boxes. I found a few Linux patches like grsecurity, LIDS (now also as a Linux Security Module), Medusa DS9. I'm testing grsecurity (and its ACLs) now and I'm quite satisfied with it, but I wonder what the pros and cons of other solutions are. Has anybody tried them and can share their experience with us?" -
New Features For 2.5 Linux Kernel
An anonymous person writes "The current development version of the Linux kernel is 2.5. At the recent Linux kernel summit, it was agreed to have a "feature freeze" on this kernel by October 31, 2002. Here's a story looking at what's left to be merged before the freeze. Projects most likely to make it into 2.5 (and thus be a part of the next stable kernel, 2.6), include: the reverse mapping VM, the Linux Security Module framework, User Mode Linux and support for filesystems greater than 2TB." -
Linux Security Modules Project Update
James Morris writes: "Here's an update on the Linux Security Modules project (LSM). In April last year, the NSA proposed SELinux at the first Linux Kernel Summit. Following feedback from Linus, the LSM project was initiated by Crispin Cowan to develop a generic access control framework for Linux which would allow different types of security policies to be implemented as loadable kernel modules. Rather than having to choose one security model, LSM aims to provide a framework for incorporating a variety of advanced security mechanisms into Linux with a minimal effect on the base kernel. This week, Chris Wright (the principal maintainer) formally announced patches for the 2.4 and 2.5 kernels. Chris will be presenting LSM at this year's Kernel Summit and giving a talk at OLS, hopefully kicking off discussion on acceptance of LSM into the main kernel. Projects which have already been ported to LSM include SELinux, LIDS, DTE, Openwall and Posix.1e Capabilities. Check out the newly re-vamped web site for downloads, documentation and general information." -
Linux Security Modules Project Update
James Morris writes: "Here's an update on the Linux Security Modules project (LSM). In April last year, the NSA proposed SELinux at the first Linux Kernel Summit. Following feedback from Linus, the LSM project was initiated by Crispin Cowan to develop a generic access control framework for Linux which would allow different types of security policies to be implemented as loadable kernel modules. Rather than having to choose one security model, LSM aims to provide a framework for incorporating a variety of advanced security mechanisms into Linux with a minimal effect on the base kernel. This week, Chris Wright (the principal maintainer) formally announced patches for the 2.4 and 2.5 kernels. Chris will be presenting LSM at this year's Kernel Summit and giving a talk at OLS, hopefully kicking off discussion on acceptance of LSM into the main kernel. Projects which have already been ported to LSM include SELinux, LIDS, DTE, Openwall and Posix.1e Capabilities. Check out the newly re-vamped web site for downloads, documentation and general information."