Page 1 of 1

2.6.16.18 is out

PostPosted: Thu May 25, 2006 11:41 pm
by Raf256
There was few changes that look like important and related to security, between 2.6.16.15 and .18... Perhaps we could suspect new snapshot shortyl?

Btw, grsecurity snapshot 2.6.16.15 seem to apply clean and work with .16 as well.

Thanks for good work :)

Re: 2.6.16.18 is out

PostPosted: Fri May 26, 2006 8:22 am
by tosh
Grsecurity snapshot 2.6.16.15 also applays cleanly to 2.6.16.17.

Haven't tested with 2.6.16.18 yet, but as this is only security fix release that should be patchable also. Just try yourself.

PostPosted: Fri May 26, 2006 4:36 pm
by Raf256
There was only one not-clean part of patch:

patching file kernel/ptrace.c
Hunk #3 succeeded at 517 (offset 21 lines).

it is patched by: 21502:diff -urNp linux-2.6.16.15/kernel/ptrace.c linux-2.6.16.15/kernel/ptrace.c

Code: Select all
@@ -495,6 +496,11 @@ asmlinkage long sys_ptrace(long request,
  if (ret < 0)
    goto out_put_task_struct;

+ if (gr_handle_ptrace(child, request)) {
+   ret = -EPERM;
+   goto out_put_task_struct;
+ }
+
  ret = arch_ptrace(child, request, addr, data);
  if (ret < 0)
    goto out_put_task_struct;


and in my humble opinion it looks ok, and the new kernel boots o.k.
and seem to work fine so far :)

PostPosted: Sat May 27, 2006 5:50 am
by Zhenech
does ist run stable?

the 2.6.16.15 patch is from the 09 May, over 2wks old. could it be called 'final'? or what says spender/pax-team?

PostPosted: Sat May 27, 2006 3:52 pm
by tosh
As that patch is still under ~spender and not on the main grsecurity page it is still testing. I haven't had any issues with it (note i don't run gradm at this monent).

2.6.16.19 is out

PostPosted: Wed May 31, 2006 3:02 pm
by Raf256
Btw,
2.6.16.19 is out, and it seem to work fine, the patch .18 -> .19 is trivial: 2 * 1 line

PostPosted: Thu Jun 01, 2006 8:57 am
by quetzal
hello,

where can i find the patch for kernel 2.6.16.19? at ~spender i have found only the patch for 2.6.16.16.

PostPosted: Fri Jun 02, 2006 3:58 pm
by quetzal
*push* :)

PostPosted: Fri Jun 02, 2006 10:08 pm
by Kp
Be patient! You waited less than two days to bump a thread, and the thread was still the most recent in the forum. On forums where bumping is accepted at all, it's generally polite not to bump a thread which you can reasonably expect to be seen by someone reading recent activity. Bumping a thread that's fallen off the front page is sometimes OK, but it's very rare to see bumps on threads which are still topmost!

That said, if you'd read the posts above, you'd have seen that the other members say that you can use the 2.6.16.15 patch for .17, .18, and .19. If you have evidence to the contrary, please state so and specify why you think the 2.6.16.15 patch is not appropriate for the kernel version you're trying to patch.

PostPosted: Tue Jun 06, 2006 9:14 pm
by Raf256
There is .19 in ~spender :) but well .20 is out.. I hope .19 will apply nicelly over it.

PostPosted: Thu Jun 08, 2006 5:01 am
by Carceru
Any idea what known issues there are with the current snapshot, preventing it from being released as final? Are there some known bugs that needs to be fixed, or simply a lack of sufficient testing?

PostPosted: Thu Jun 08, 2006 9:01 am
by PaX Team
Carceru wrote:Any idea what known issues there are with the current snapshot, preventing it from being released as final? Are there some known bugs that needs to be fixed, or simply a lack of sufficient testing?
we need feedback on a locking fix spender mentioned already, other than that it seems that we might as well wait for 2.6.17 and release for that instead (i don't work on .16 myself anymore).