2012.JanuÃ¡r 24.(K) 08:26 idÅ‘pontban email@example.com ezt Ãrta: > On 24 Jan 2012 at 2:35, Francesco R.(vivo) wrote:
>> BTW this in "vanilla" gentoo does not work because of the permission of
>> the su
>> ls -l /usr/bin/su
>> -rws--x--x 1 root root 36776 18 gen 21.31 /usr/bin/su
>> readelf cannot read the address, but there can be other ways to access
>> binary for example for group "disk"
>> hardened gentoo is un-affected as expected (but you already know)
> this is not quite true, what could work against grsec is an exploit that
> implemented a ret2libc style exploit coupled with bruteforcing (if the
> target suid is a PIE). i hope you're all enabling the bruteforce
> feature in grsec ;).
My only concern against bruteforce protection is the possiblity of a DoS.
But it's always better to get DoSed, than to get bruteforced...
dr TÃ³th Attila, RadiolÃ³gus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057