[grsec] GRKERNSEC_BRUTE and ret2libc

Pavel Labushev p.labushev at gmail.com
Mon Oct 12 23:00:51 EDT 2009


Brad Spengler wrote:

> Of course, if everything you (and the users of your machine) execute 
> within the context of forking daemons is bug-free, you can of course add 
> SIGSEGV to the list if you wish, or use RES_CRASH from the RBAC system.

Thank you for clarification. And for the quality of code, btw. It's very
interesting read. And the more I read it, the more I wonder why OpenBSD
guys didn't implement something like this or that... "We want to keep
things simple" doesn't work here because, for example, GRKERNSEC_BRUTE
is very simple yet very effective. Too bad OpenBSD users doesn't get
informed about the sutuation and often blindly believe in that KISS
nonsense...


More information about the grsecurity mailing list