Linux Kernel 2.4 Useful Patches

Web access to the GIT repository - GIT access to the repository

security : Security patches for Linux Kernel 2.4

Those patches specifically target security purposes. Some of them might be incompatible with many other patches, and might even break userland.
Last update:2006/01/22
Description:Security patches for Linux Kernel 2.4
Abstract:Those patches specifically target security purposes. Some of them might be incompatible with many other patches, and might even break userland.

Contents
  • config_ip_stealth : Do not send RST in response to a connect() to closed port - Willy Tarreau - 2006/01/09
    Ported MadCamel's CONFIG_IP_STEALTH patch from 2.2.18. It permits to drop connection attempts to closed ports without sending an RST back, which proves useful as a first protection barrier. The ICMP code has been removed from the patch since kernel 2.4 provides everything to block outgoing ICMP.

  • hotfixes : security and critical fixes for recent Linux-2.4 kernels - Willy Tarreau
    The 2.4-hf kernel tree only contains hotfixes for 2.4 mainline kernels. These are intended for people who cannot upgrade for various reasons, and who still need to apply a security or stability fix. All patches are extracted from the next mainline release or pre-release. The oldest yet supported kernel is 2.4.29.

  • pax : a strong protection against buffer overflows - The PaX Team - 2006/01/22
    PaX implements address randomization and non-executable stack and heap, which results in a strong protection against buffer overflows.

(C) Willy Tarreau - 2008-06-01