NetSecL Linux Distribution Forum
NetSecL 1.3 is out

admin
Site Admin


Joined: 13 Apr 2006
Posts: 103

Posted: Sun May 21, 2006 10:43 am    Post subject: NetSecL 1.3 is out

NetSecL 1.3 is out :). There are some important improvements in security since ISlack 1.2. There are 2 Paranoia kernels, 2.6.x and 2.4.x; they are very restrictive, so please be careful. It is advisable to use them as a second kernel. I remind you that PaX kernels are on CD 2; don't use the kernels from the bootme directory on CD 1 for a second kernel. Some of the libraries were recompiled so they cannot use the stack; X was also recompiled and became a little bigger. Here are the results from paxtest:

bash-3.1# paxtest blackhat
Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Killed
Executable anonymous mapping (mprotect) : Killed
Executable bss (mprotect) : Killed
Executable data (mprotect) : Killed
Executable heap (mprotect) : Killed
Executable shared library bss (mprotect) : Killed
Executable shared library data (mprotect): Killed
Executable stack (mprotect) : Killed
Anonymous mapping randomisation test : 16 bits (guessed)
Heap randomisation test (ET_EXEC) : 13 bits (guessed)
Heap randomisation test (ET_DYN) : 25 bits (guessed)
Main executable randomisation (ET_EXEC) : 16 bits (guessed)
Main executable randomisation (ET_DYN) : 16 bits (guessed)
Shared library randomisation test : 16 bits (guessed)
Stack randomisation test (SEGMEXEC) : 23 bits (guessed)
Stack randomisation test (PAGEEXEC) : 24 bits (guessed)
Return to function (strcpy) : Vulnerable
Return to function (strcpy, RANDEXEC) : Vulnerable
Return to function (memcpy) : Vulnerable
Return to function (memcpy, RANDEXEC) : Vulnerable
Executable shared library bss : Killed
Executable shared library data : Killed
Writable text segments : Killed


The remaining vulnerabilities are meant to fail:

Quote:
protecting against this kind of attack in general is hard, but certain subtypes can be thwarted to an extent by randomization, stack layout changes (SSP and the like), etc. the general solution will need userland changes as outlined in the PaX future doc, but in the meantime and in the interest of not giving anyone a false sense of security, we included these tests and they are meant to fail.


Reference:
http://forums.grsecurity.net/viewtopic.php?t=1420&highlight=strcpy

There is also a default script with paxpermissions that is executed on the first boot to allow some kind of usability for the system when it is used with paranoia kernels, so don't get scared if you get flooded with messages on the first boot. The list is still not full, but I hope to have it full for 1.4 and make all kernels paranoid.

Clamav, Klamav and Dazuko are there now and work perfectly. For all other changes check the Changelog:
ftp://mirrors.unixsol.org/netsecl/Changelog.txt
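
An added example (not part of the original post, NetSecL or paxtest): a small Python parser for paxtest output in the format shown above, which separates real regressions from the return-to-function tests that the quoted reply says are meant to fail. The sample lines are constructed, and the function names and the 16-bit entropy threshold are assumptions for illustration.

```python
import re

# Constructed sample in the same format as the paxtest output quoted in the post.
SAMPLE = """\
bash-3.1# paxtest blackhat
Executable stack : Killed
Executable shared library data (mprotect): Killed
Heap randomisation test (ET_EXEC) : 13 bits (guessed)
Stack randomisation test (PAGEEXEC) : 24 bits (guessed)
Return to function (strcpy) : Vulnerable
Writable text segments : Killed
"""

# "<test name> : Killed|Vulnerable|<N> bits (guessed)"; space before ':' is optional.
LINE = re.compile(
    r"^(?P<name>.+?)\s*:\s*(?P<result>Killed|Vulnerable|(?P<bits>\d+) bits \(guessed\))\s*$"
)

def parse_paxtest(text):
    """Return {test name: 'Killed' | 'Vulnerable' | int entropy bits}."""
    results = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # shell prompt, blank lines, banner text
        results[m["name"]] = int(m["bits"]) if m["bits"] else m["result"]
    return results

def audit(results, min_bits=16):
    """Split results into (findings, expected_failures).

    min_bits is an assumed policy threshold, not a value from paxtest or PaX.
    Return-to-function tests are reported separately because the quoted
    grsecurity forum reply states they are meant to fail.
    """
    findings, expected = [], []
    for name, value in results.items():
        if value == "Vulnerable":
            bucket = expected if name.startswith("Return to function") else findings
            bucket.append(name)
        elif isinstance(value, int) and value < min_bits:
            findings.append(f"{name}: only {value} bits")
    return findings, expected

if __name__ == "__main__":
    findings, expected = audit(parse_paxtest(SAMPLE))
    print("findings:", findings)
    print("expected failures:", expected)
```

Saving the parsed results from a known-good boot and comparing them after a kernel or library update shows quickly whether a test that was Killed has changed.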

