PaX Team on SMEP/SMAP and UDEREF.

Discussion in 'all things UNIX' started by Hungry Man, Oct 7, 2012.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    https://forums.grsecurity.net/viewtopic.php?f=7&t=3046

    One of many times where PaX and Grsecurity are years ahead of the game.
     
  2. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    I took a look at Grsecurity but found it too overwhelming, especially at the kernel compiling step o_O I'm pretty content with getting my web-facing applications Apparmored.
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It's not too hard to compile honestly. I did it very early on in my time with Linux. If you follow my guide it should be a simple matter of copy/pasting terminal commands and then hitting 'space' a bunch to enable mitigations (all of which I list and tell which to check).

    Apparmor's great but a kernel exploit will bypass it. Now it naturally makes kernel exploits harder to carry out and remote exploits more difficult but if you're looking for the highest level of security it's PaX and Grsec.

    Naturally we're average home users. We have a lot less to worry about when it comes to security so with Apparmor you're already way more secure than the average Windows user.
     
  4. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    I'll take a look at your guide when I work up the enthusiasm to have a go at Grsecurity. Messing things up isn't a concern, at least, because I have a recent image to fall back on if needed.
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    You can always boot into antoher kernel through GRUB.
     
  6. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Yep. They invented ASLR and get no credit for it. Most people think it is a Microsoft invention, even though PaX was running on Linux about 5 years before MS (and now Apple) copied the technology.
     
Loading...
Thread Status:
Not open for further replies.