[rsbac] Re: Will 2.4.20 Source be patched for the latest kernel vulnerability?

Amon Ott ao at rsbac.org
Tue Dec 2 21:56:00 CET 2003

On Dienstag, 2. Dezember 2003 21:14, Joachim Ring wrote:
> On Tue, Dec 02, 2003 at 14:45:08 +0100, Amon Ott wrote:
> > Nothing helps but fixing the kernel bug, see my latest posting. I fear, 
> > of the existing kernel security extensions can limit this bug's effects.
> >
> > All of you certainly know that RSBAC, like the other kernel extensions, 
> > rely on the kernel's correct implementation. Once you enter kernel space, 
> > there is no more security - this is a major disadvantage of its monolithic 
> > design.
> while i suppose all of the above statements that rsbac doesn't help
> against the now infamous do_brk exploit are true, the fact that the machine 
> be attacked has rsbac in place with a policy which either allows writing or
> executing binaries & libs but never both for any given location, might have 
> made exploiting the hole a real challenge...

Thanks for your pointing at this. Yes, sure, a real security system like RSBAC 
would have made it much more difficult, but not impossible. That should have 
been the main point - all we can do is raise the level higher and higher.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list