References
OpenBSD www.openbsd.org
grsecurity www.grsecurity.net
ExecShield http://people.redhat.com/mingo/exec-shield/
Openwall Project www.openwall.com/Owl/
StackDefender www.ngsec.com/ngproducts/stackdefender
Microsoft Windows Vista www.microsoft.com
Chapter 19: Closing the Holes: Mitigation
483
PART IV
Patching
The only sure way to secure a vulnerable application is to shut it down or patch it. If the
vendor can be trusted to release patches in an expeditious manner, wemay be fortunate
enough to avoid long periods of exposure for the vulnerable application. Unfortunately,
in some cases vendors take weeks, months, or more to properly patch reported vulnerabilities,
or worse yet, release patches that fail to correct known vulnerabilities, thereby
necessitating additional patches. If we determine that we must keep the application up
and running, it may be in our best interests to attempt to patch the application ourselves.
Clearly, this will be an easier task if we have source code to work with and this is
one of the leading arguments in favor of the use of open source software. Patching application
binaries is possible, but difficult at best. Without access to source code, you may
feel it is easiest to leave it to the application vendor to supply a patch.
Pages:
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846