search for: tataz

...nd would like to use stack smashing protection in order to harden my boxes and avoid many potential exploits. I've known about ProPolice/SSP for a while now (from the Gentoo world) and am aware that FreeBSD 7.0 doesn't yet support it though I know of Jeremy Le Hen's patches (http://tataz.chchile.org/~tataz/FreeBSD/SSP/). Some time after 7.0 is released I'd like to upgrade and apply SSP throughout kernel, userland and ports while I'm at it. However, being an unsupported patchset and all, I have some concerns which I'd like some feedback on well before I embark on thi...

Hi, first sorry for cross-posting but I thought this patch might interest -CURRENT users as well as people concerned by security. I wrote a patch that integrates ProPolice/SSP into FreeBSD, one step further than it has been realized so far. It is available here : http://tataz.chchile.org/~tataz/FreeBSD/SSP/ Everything is explained on the web page, but I will repeat some informations here. The patchset is splitted in two parts to ease the review of the patch. The -propolice patch is only the original ProPolice patch for GCC 3.4.4 applied on FreeBSD source tree. The -...

----- Forwarded message from Damien Miller <djm@cvs.openbsd.org> ----- Subject: OpenSSH 4.0 released From: Damien Miller <djm@cvs.openbsd.org> Date: Wed, 9 Mar 2005 02:54:13 -0700 (MST) To: announce@openbsd.org X-Original-To: jeremie@le-hen.org Delivered-To: tataz@tataz.chchile.org X-Loop: announce@openbsd.org Precedence: list OpenSSH 4.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server...

I just wanted to inform that there is new patch donated by Walter Karshat which implements packet overhead and MPU computations to the rate table. See diff for details on arguments. No tc binary available yet at I have to compile it on system with older glibc (not everyone use 2.3.2). ------------------------------- Martin Devera aka devik Linux kernel QoS/HTB maintainer

...comparing the packet mark to the wanted value, ip(8) doesn''t. It would be great to have this feature. I think the patch is not difficult to write, although I''m not a C guru, I could try to write it. I''m waiting for your feedback. :) Regards, -- Jeremie LE HEN aka TtZ/TataZ jeremie.le-hen@epita.fr . ttz@epita.fr _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hello, I current have a FreeBSD 4.8 bridge firewall that sits between 7 servers and the internet. The servers are being attacked with syn floods and go down multiple times a day. The 7 servers belong to a client, who runs redhat. I am trying to find a way to do some kind of syn flood protection inside the firewall. Any suggestions would be greatly appreciated. -- Ryan James ryan@mac2.net

I was wondering if there's any non-executable stack patch for FreeBSD's kernel. I searched in google but all I got was some questions in freebsd-security back from 2001 and an answer saying someone heard about a project like this, but no information at all. Is there any patch like PaX or Openwall available for FreeBSD? I dont want to discuss if its useless or not since there're a