Solar Designer on Openwall

Demonfly writes to tell us that Solar Designer, who some would argue is one of the more respected security experts on the net, took the time to answer a few questions about the future of Openwall, the security enhanced GNU/Linux distro. From the interview: "There's real demand specifically for security-enhanced Linux systems. Linux is widespread, it has good hardware support, there's a lot of software available for it (including some commercial packages), and there are system administrators with specific Linux skills. Of course, OpenBSD and other *BSDs have their user bases, too - and people are working on the security of those systems. No, Linux (the kernel) is not a better choice than *BSDs security-wise. But it is not substantially worse either."

openwall

[NynexNinja]

I respect Solar Designer, even though at the time of the initial development of these patches, most of these features were available as seperate patches from various groups of hackers -- Solar Designer is credited for integrating them into one jumbo patch.. That being said, he never put out patches for Linux 2.6, maybe due to his own stubborness towards the difference between a "production" and "beta" kernel release -- who knows.

It is because of this that other projects were allowed to flourish, namely the grsec [grsecurity.net] jumbo patch. I think most people for the last several years have pretty much abandoned using (or even thinking of using) the openwall set of patches when other more feature-rich, updated patches exist and have existed for many years now.

Re:got it already

[Spazmania]

The non-executable stack is in 2.6.xx already.

Then why does the stacktest.c program from openwall succeed in simulating a buffer overflow in SuSE Enterprise 9 with kernel 2.6.15.6?

You can restrict /proc with an LSM too.

Yeah? Which?