Re: [PATCH] OpenBSD Networking-related randomization port
From: Horst von Brand
Date: Sat Jan 29 2005 - 19:21:54 EST
Lorenzo =?ISO-8859-1?Q?Hern=E1ndez_?=
=?ISO-8859-1?Q?Garc=EDa-Hierro?= <lorenzo@xxxxxxx> said:
> Attached you can find a split up patch ported from grSecurity [1], as
> Linus commented that he wouldn't get a whole-sale patch, I was working
> on it and also studying what features of grSecurity can be implemented
> without a development or maintenance overhead, aka less-invasive
> implementations.
OK.
> It adds support for advanced networking-related randomization, in
> concrete it adds support for TCP ISNs randomization,
1.
> RPC XIDs
> randomization,
2.
> IP IDs randomization
3.
> and finally a sub-key under the
> Cryptographic options menu for Linux PRNG [2] enhancements
4. (useful now
> and also for future patch submissions), which currently has an only-one
> option for poll sizes increasing (x2).
5 (it seems).
Needs way more splitting?
> As it's impact is minimal (in performance and development/maintenance
> terms), I recommend to merge it, as it gives a basic prevention for the
> so-called system fingerprinting (which is used most by "kids" to know
> how old and insecure could be a target system, many time used as the
> first, even only-one, data to decide if attack or not the target host)
> among other things.
How does it prevent fingerprinting?
And a huge, compressed patch attached.
--
Dr. Horst H. von Brand User #22616 counter.li.org
Departamento de Informatica Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria +56 32 654239
Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/