Download Shareware and Freeware Software for Windows, Linux, Macintosh, PDA

line Home  |  About Us  |  Link To Us  |  FAQ  |  Contact

Serving Software Downloads in 976 Categories, Downloaded 32.390.851 Times

Openwall Linux kernel patch 2.4.35-ow2

  Date Added: October 27, 2010  |  Visits: 898

Openwall Linux kernel patch

Report Broken Link
Printer Friendly Version

Product Homepage
Download (75 downloads)

Openwall Linux kernel patch is a collection of security-related features for the Linux kernel, all configurable via the new Security options configuration section. In addition to the new features, some versions of the patch contain various security fixes. The number of such fixes changes from version to version, as some are becoming obsolete (such as because of the same problem getting fixed with a new kernel release), while other security issues are discovered. Non-executable user stack area. Most buffer overflow exploits are based on overwriting a functions return address on the stack to point to some arbitrary code, which is also put onto the stack. If the stack area is non-executable, buffer overflow vulnerabilities become harder to exploit. Another way to exploit a buffer overflow is to point the return address to a function in libc, usually system(). This patch also changes the default address that shared libraries are mmap()ed at to make it always contain a zero byte. This makes it impossible to specify any more data (parameters to the function, or more copies of the return address when filling with a pattern), -- in many exploits that have to do with ASCIIZ strings. However, note that this patch is by no means a complete solution, it just adds an extra layer of security. Many buffer overflow vulnerabilities will remain exploitable a more complicated way, and some will even remain unaffected by the patch. The reason for using such a patch is to protect against some of the buffer overflow vulnerabilities that are yet unknown. Also, note that some buffer overflows can be used for denial of service attacks (usually in non-respawning daemons and network clients). A patch like this cannot do anything against that. It is important that you fix vulnerabilities as soon as they become known, even if youre using the patch. The same applies to other features of the patch (discussed below) and their corresponding vulnerabilities. Restricted links in /tmp. Ive also added a link-in-+t restriction, originally for Linux 2.0 only, by Andrew Tridgell. Ive updated it to prevent from using a hard link in an attack instead, by not allowing regular users to create hard links to files they dont own, unless they could read and write the file (due to group permissions). This is usually the desired behavior anyway, since otherwise users couldnt remove such links theyve just created in a +t directory (unfortunately, this is still possible for group-writable files) and because of disk quotas. Unfortunately, this may break existing applications. Restricted FIFOs in /tmp. In addition to restricting links, you might also want to restrict writes into untrusted FIFOs (named pipes), to make data spoofing attacks harder. Enabling this option disallows writing into FIFOs not owned by the user in +t directories, unless the owner is the same as that of the directory or the FIFO is opened without the O_CREAT flag. Restricted /proc. This was originally a patch by route that only changed the permissions on some directories in /proc, so you had to be root to access them. Then there were similar patches by others. I found them all quite unusable for my purposes, on a system where I wanted several admins to be able to see all the processes, etc, without having to su root (or use sudo) each time. So I had to create my own patch that I include here. This option restricts the permissions on /proc so that non-root users can see their own processes only, and nothing about active network connections, unless theyre in a special group. This groups id is specified via the gid= mount option, and is 0 by default. (Note: if youre using identd, you will need to edit the inetd.conf line to run identd as this special group.) Also, this disables dmesg(8) for the users. You might want to use this on an ISP shell server where privacy is an issue. Note that these extra restrictions can be trivially bypassed with physical access (without having to reboot). When using this part of the patch, most programs (ps, top, who) work as desired -- they only show the processes of this user (unless root or in the special group, or running with the relevant capabilities on 2.2+), and dont complain they cant access others. However, theres a known problem with w(1) in recent versions of procps, so you should apply the included patch to procps if this applies to you. Whats New in This Release: - This revision adds a fix for the "parent process death signal" vulnerability in the Linux kernel. - It also adds two security hardening features, both enabled by default: restricted access to VM86 mode (specific to 32-bit x86) and restricted zero page mappings (generic)..

Requirements: No special requirements
Platforms: Linux
Keyword: Buffer Buffer Overflow Buffer Overflow Vulnerabilities Features Fifos Kernel Kernels Linux Linux Kernel Openwall Openwall Linux Kernel Patch Patch System
Users rating: 0/10

License: Freeware Size: 34.82 KB
More Reviews or Write Review

File Security  -  Comodo Memory Firewall
Free Comodo Memory Firewall is a buffer overflow detection and prevention tool which provides the ultimate defense against one of the most serious and common attack types on the Internet - the buffer overflow attack. Free Comodo Memory Firewall...
3.27 MB  
Libraries  -  Audio::LADSPA::Buffer 0.018
Audio::LADSPA::Buffer is a Perl module for LADSPA buffer. SYNOPSIS use Audio::LADSPA; my $buffer = Audio::LADSPA::Buffer->new($size); $plugin->connect(Port name => $buffer); $buffer->set( @values ); # or get a buffer from a plugin.....
81.92 KB  
Action Games  -  Digital : A Love Story 1.1
A free mystery game for your Mac Digital : A Love Story is a free and fun computer and mistery romance set five minutes into the future of 1988. Here are some key features of "Digital : A Love Story": ?*A* Discover...
41.33 MB  
Libraries  -  smalloc 1.0
smalloc short from Static memory buffer malloc, is an ideal memory manager for Realtime Linux Kernel modules that cant use dynamic memory offered by kmalloc because of the non-realtime nature of kmalloc. Like malloc(), smalloc() doles out memory...
7.17 KB  
Server Tools  -  Adaptive Security Analyzer IIS 1.0 Beta
Adaptive Security Analyzer IIS (ASA IIS) protects Windows-based web servers from known and unknown vulnerabilities like Directory Traversal, Buffer Overflow, Parser Evasion, High-bit Shellcode, and Remote Data Services, as well as various types of...
13.48 MB  
Text Editors  -  FbTerm 1.7
FbTerm is a fast terminal emulator for linux with frame buffer device or VESA video card. Features include: * mostly as fast as terminal of linux kernel while accelerated scrolling is enabled * select font with fontconfig and...
10.24 KB  
Libraries  -  Wily::Message 0.02
Wily::Message is a Perl extension to handle Wily Messages. SYNOPSIS use Wily::Message; use Wily::Connect; # opens a file in wily and exits when the window is destroyed my $win_id; my $ws = Wily::Connect::connect(); my $wm =...
21.5 KB  
Reference  -  Overflow 7 Free
overflow 7 free provides you with quick, easy. and clear reading for the superb Stack Overflow family of question and answer websites. if you like overflow7 free, please like the app today at overflow 7...
1024 KB  
Libraries  -  Str R107
Str is a C++ class that is designed to make strings almost as easy to work with as they are in languages like TCL or Python. The Str class has minimal outside dependencies, is implemented as a single source file, and is designed to be...
256 KB  
Libraries  -  Libeval 1.0.7
Libeval provides simple means of evaluating simple arithmetic expressions involving literal numeric values, variables and functions using the addition (+), subtraction (-), multiplication (*), division (/), modulo division (), exponentiation (^),...
27.65 KB  
Linux Software  -  wpCache® WordPress HTTP Cache 1.9
wpCache® is a high-performance, distributed object, caching system application, generic in nature, but intended for use in speeding up dynamic web applications, by decreasing database load time. wpCache® decreases dramatically the page...
3.51 MB  
Linux Software  -  Polling Autodialer Software 3.4
ICTBroadcast Auto Dialer software has a survey campaign for telephone surveys and polls. This auto dialer software automatically dials a list of numbers and asks them a set of questions that they can respond to, by using their telephone keypad....
488 B  
Linux Software  -  Total Video Converter Mac Free 3.5.5
Total Video Converter Mac Free developed by EffectMatrix Ltd is the official legal version of Total Video Converter which was a globally recognized brand since 2006. Total Video Converter Mac Free is a free but powerful all-in-one video...
17.7 MB  
Linux Software  -  Skeith mod_log_sql Analyzer 2.10beta2
Skeith is a php based front end for analyzing logs for Apache using mod_log_sql.
47.5 KB  
Linux Software  -  SLAX 6.0+
Slax is a modern, portable, small and fast Linux operating system with a modular approach and outstanding design. Despite its small size, Slax provides a wide collection of pre-installed software for daily use, including a well organized graphical...
190 KB  
Utilities  -  LPAR2RRD 4.95-4
LPAR2RRD collects performance data and generates actual, historical and future trends utilization graphs of your virtual environment. It is agentless (it receives everything from the management stations like vCenter or HMC). The product supports...
2.25 MB  
Utilities  -  Nessconnect 1.0.2
Nessconnect is a GUI, CLI and API client for Nessus and Nessus compatible servers. With an improved user interface, it provides local session management, scan templates, report generation through XSLT, charts and graphs, and vulnerability trending.
819.2 KB  
Utilities  -  Dynamic Power Management 2.6.16
The Dynamic Power Management (DPM) project explores technologies to improve power conservation capabilities of platforms based on open source software. Of particular interest are techniques applicable to running systems, adjusting power parameters...
30.72 KB  
Utilities  -  Ethernet bridge tables
Ethernet bridge tables - Linux Ethernet filter for the Linux bridge. The 2.4-ebtables-brnf package contains the ebtables+bridge-nf patch. Be sure to check out the ebtables hp. This site also contains the arptables userspace tool.
40.96 KB  
Utilities  -  SaraB 1.0.0
SaraB works with DAR (Disk ARchive) to schedule and rotate backups on random-access media (i.e. hard drives, CDs, DVDs, Zip, etc. Basically anything except magnetic tapes.) This reduces hassle for the administrator by providing an automatic backup...
20.48 KB