fmII
Tue, Oct 07th home | browse | articles | contact | chat | submit | faq | newsletter | about | stats | scoop 19:44 UTC
in
Section
login «
register «
recover password «
[Project] add release | add branch | add screenshot | broken links | change owner | email subscribers | update project | update branch (urls) [Project]
Theme topics | Apps | Resources | Window Managers | Afterstep | Blackbox | Enlightenment | Fluxbox | GTK | IceWM | KDE | MetaCity | Sawfish | Window Maker

 Openwall Linux kernel patch 2.4.35-ow2 (Linux 2.4)
 Section: Unix

 

Added: Sun, Jun 14th 1998 07:11 UTC (10 years, 3 months ago) Updated: Tue, Aug 14th 2007 10:42 UTC (1 year, 1 month ago)


About:
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel. In addition to the new features, some versions of the patch contain various security fixes. The "hardening" features of the patch, while not a complete method of protection, provide an extra layer of security against the easier ways to exploit certain classes of vulnerabilities and/or reduce the impact of those vulnerabilities. The patch can also add a little bit more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing.

Release focus: Minor security fixes

Changes:
This revision adds a fix for the "parent process death signal" vulnerability in the Linux kernel. It also adds two security hardening features, both enabled by default: restricted access to VM86 mode (specific to 32-bit x86) and restricted zero page mappings (generic).

Author:
Solar Designer [contact developer]

Rating:
8.39/10.00 (9 votes)

Homepage:
http://www.openwall.com/linux/
Tar/GZ:
http://www.openwall.com/linux/linux-2.4.35-ow2.tar.gz
Mirror site:
http://www.openwall.com/mirrors/

Trove categories: [change]
[Development Status]  5 - Production/Stable
[Environment]  Console (Text Based)
[Intended Audience]  End Users/Desktop, System Administrators
[License]  OSI Approved :: GNU General Public License (GPL), OSI Approved :: GNU Lesser General Public License (LGPL), Public Domain
[Operating System]  POSIX :: Linux
[Programming Language]  Assembly, C
[Topic]  Security, System :: Operating System Kernels :: Linux, System :: Systems Administration

Dependencies: [change]
Linux (2.4 branch) (required)
[download links]

 
Project admins: [change]
» Solar Designer (Owner)

» Rating: 8.39/10.00 (Rank N/A)
» Vitality: 0.13% (Rank 1384)
» Popularity: 4.53% (Rank 820)

project statsdownload stats
(click to enlarge graphs)
   Record hits: 43,509
   URL hits: 19,845
   Subscribers: 122

Other projects from the same categories:
ipkungfu
Prelude NIDS
ldapconf
jconflib
AppArmor

Users who subscribed to this project also subscribed to:
Monetra
JSON-RPC-Java
dirac
rc.firewall
strongSwan


Add comment · Rate this project · Subscribe to new releases · Ignore this project · Email this project to a friend · Project record in XML

 Branches

Branch Version Last release License URLs
Linux 2.4 2.4.35-ow2 14-Aug-2007 GNU General Public License (GPL) Homepage Tar/GZ
Linux 2.0 2.0.40-ow1 17-Apr-2004 GNU General Public License (GPL) Homepage Tar/GZ
Linux 2.2 2.2.26-ow1 01-Mar-2004 GNU General Public License (GPL) Homepage Tar/GZ

 Releases

Version Focus Date
2.4.35-ow2 Minor security fixes 14-Aug-2007 17:42
2.4.35-ow1 Minor security fixes 08-Aug-2007 05:46
2.4.34-ow1 Minor security fixes 27-Dec-2006 13:21
2.4.33-ow1 Minor feature enhancements 16-Aug-2006 05:50
2.4.32-ow1 Minor bugfixes 26-Nov-2005 09:32
2.4.31-ow1 Minor feature enhancements 03-Jun-2005 08:08
2.4.30-ow3 Major security fixes 12-May-2005 04:20
2.4.30-ow1 Minor security fixes 08-Apr-2005 08:54
2.4.29-ow1 Major security fixes 20-Jan-2005 06:23
2.4.28-ow1 Minor security fixes 23-Nov-2004 07:47

 Comments

[»] How does it compares with security linux
by Veerakumar - Jun 4th 2005 20:06:12

How does it compares with NSA Security Linux patch. Anyone has a idea.

--
Visit me at Veera

[reply] [top]

    [»] Re: How does it compares with security linux
    by Solar Designer - Jun 5th 2005 18:20:21

    These two are not even similar, so it is hard to compare them. Rather, I'll describe them briefly:

    The Openwall Linux kernel patch - a collection of security "hardening" features aimed at reducing the likelihood and/or impact of successful exploitation of certain classes of vulnerabilities in userspace applications, without requiring modifications to any userspace applications or libraries; also included are security fixes/enhancements to issues with the kernel itself (whenever the mainstream kernel is being too conservative or too slow at fixing security issues).

    NSA SELinux - adds support for mandatory access control policies into the Linux kernel, and provides patches to certain userspace utilities to make use of said Linux kernel additions, with more userspace patches available from third parties (the kernel patch is useless without userspace applications and libraries patches); no security fixes/enhancements to issues with the kernel itself are being included (as far as I'm aware).

    The two kernel patches can co-exist, and it may make sense to use both approaches on some systems, although there may be some issues with patch merging (might have to apply some hunks manually). I have not tried that.

    You could also want to consider RSBAC as a well-established generic alternative to SELinux. (Or rather, SELinux is an alternative to RSBAC, since RSBAC is an older project.) It can co-exist with the Openwall Linux kernel patch, too, and I know that some people and even Linux distributions (ALT Linux Castle, other minor ones) have been using these patches together.

    [reply] [top]



© Copyright 2008 SourceForge, Inc., All Rights Reserved.
About freshmeat.net •  Privacy Statement •  Terms of Use •  Trademark Guidelines •  Advertise •  Contact Us • 
ThinkGeek •  Slashdot  •  Linux.com •  SourceForge.net  •  Jobs