
Re: Splitting queries across servers


 




I have never heard of Propolice SSP. What is it? Any relation to the honey
'Propolys'? Just kidding.


Max

The name says little although I like it.

http://www.gentoo.org/proj/en/hardened/

I was out of date -- Propolice has been renamed PaX.
The hardened project has many parts; you should read the help on grsecurity, but PaX is very interesting:


-------------------------------------------------------------------
from http://www.gentoo.org/proj/en/hardened/docs/pax-howto.xml :

What is PaX?

PaX is a patch to the Linux kernel that provides hardening in two ways.

The first, ASLR (Address Space Layout Randomization) provides a means to randomize the addressing scheme of all data loaded into memory. When an application is built as a PIE (Position Independent Executable), PaX is able to also randomize the addresses of the application base in addition.

The second protection provided by PaX is non-executable memory. This prevents a common form of attack where executable code is inserted into memory by an attacker. More information on PaX can be found throughout this guide, but the homepage can be found at http://pax.grsecurity.net.

At run time, when a buffer is created, SSP adds a secret random value, the canary, to the end of the buffer. When the function returns, SSP makes sure that the canary is still intact. If an attacker were to perform a buffer overflow, he would overwrite this value and trigger that stack smashing handler.
-------------------------------------------------------------------
For instance, imagine you have a version of Samba with the latest unpatched hole. An attacker can enter. Now if you have PaX all he can do is crash the process, and his intrusion attempt is detected and logged.


	It's not the final cure for everything, but it covers unpatched holes.
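
A small C model of the canary check described in the quoted howto, added here as an illustration; it is not from the original message or from the Gentoo documentation. The names `struct frame`, `canary_init` and `handle_input` are hypothetical, and the "stack frame" is an ordinary struct so the demonstration itself stays memory-safe.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of a protected frame: the canary sits directly after the buffer,
   so a linear overflow of buf must cross it before reaching saved state. */
struct frame {
    char      buf[16];
    uintptr_t canary;
    uintptr_t saved_ret;          /* stand-in for the saved return address */
};

static uintptr_t secret_canary;   /* chosen once at start-up, then kept secret */

static void canary_init(void) {
    FILE *r = fopen("/dev/urandom", "rb");
    if (!r || fread(&secret_canary, sizeof secret_canary, 1, r) != 1)
        secret_canary = (uintptr_t)0x5A17C0DEu;   /* constructed fallback value */
    if (r) fclose(r);
    /* Low byte zeroed: a common choice, so string copies stop at the canary. */
    secret_canary &= ~(uintptr_t)0xff;
}

/* Copies len bytes into the frame the way an unchecked copy would, then runs
   the epilogue check. Returns 0 if the canary is intact, -1 if it was
   overwritten (the point where a real handler would log and abort). */
static int handle_input(const unsigned char *in, size_t len) {
    struct frame f;
    f.canary = secret_canary;     /* prologue: place the canary */
    f.saved_ret = 0x1000;         /* constructed placeholder */
    if (len > sizeof f)
        len = sizeof f;           /* keep the model inside the struct */
    memcpy(&f, in, len);          /* models an unchecked copy into buf */
    if (f.canary != secret_canary)
        return -1;                /* epilogue: detected before saved_ret is used */
    return 0;
}

int main(void) {
    unsigned char in[sizeof(struct frame)];
    memset(in, 'A', sizeof in);   /* constructed sample input */
    canary_init();
    printf("16 bytes: %s\n", handle_input(in, 16) ? "smashed" : "intact");
    printf("24 bytes: %s\n", handle_input(in, 24) ? "smashed" : "intact");
    return 0;
}
```
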
