Patch for 2.6.20?

Discuss and suggest new grsecurity features

Patch for 2.6.20?

Postby A-N » Thu Feb 08, 2007 3:50 pm

Hi, when come a Patch for the stable 2.6.20 kernel?

Thanks
A-N
 
Posts: 15
Joined: Wed Nov 17, 2004 2:00 pm

Re: Patch for 2.6.20?

Postby viktor » Sun Feb 11, 2007 6:22 am

A-N wrote:Hi, when come a Patch for the stable 2.6.20 kernel?

Thanks


hi,

i think it will be released for the first bugfix release, 2.6.20.1
viktor
 
Posts: 12
Joined: Sun Feb 11, 2007 6:20 am

Postby A-N » Mon Feb 12, 2007 2:35 pm

Strange :-?

2.6.20 support Core2Duo Processors :cry:
A-N
 
Posts: 15
Joined: Wed Nov 17, 2004 2:00 pm

Postby viktor » Mon Feb 12, 2007 2:49 pm

A-N wrote:Strange :-?

2.6.20 support Core2Duo Processors :cry:


i think 2.6.20.1 will be released pretty soon ;)

for grsec, i donno, but till then you might use the kernel without it
viktor
 
Posts: 12
Joined: Sun Feb 11, 2007 6:20 am

Re: Patch for 2.6.20?

Postby PaX Team » Mon Feb 19, 2007 11:47 am

A-N wrote:Hi, when come a Patch for the stable 2.6.20 kernel?
it's out, let me know how it works, especially under non-i386 archs and also paravirtualization (i tried to support it but i don't actually have a real hypervisor to test under, at least the native ops work).
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: Patch for 2.6.20?

Postby A-N » Mon Feb 19, 2007 5:04 pm

PaX Team wrote:
A-N wrote:Hi, when come a Patch for the stable 2.6.20 kernel?
it's out,


Where?
A-N
 
Posts: 15
Joined: Wed Nov 17, 2004 2:00 pm

Postby Thrawn » Mon Feb 19, 2007 6:08 pm

Thrawn
 
Posts: 35
Joined: Wed Nov 23, 2005 9:54 am

Postby A-N » Tue Feb 20, 2007 3:35 pm

Sorry for noob question, but what are PaX Patch and grsecurity Patch now? What is different?!
A-N
 
Posts: 15
Joined: Wed Nov 17, 2004 2:00 pm

Re: Patch for 2.6.20?

Postby dweekly » Tue Feb 20, 2007 4:20 pm

viktor wrote:i think it will be released for the first bugfix release, 2.6.20.1


2.6.20.1 is now out. I'm holding my breath for the grsecurity patch! :)
dweekly
 
Posts: 5
Joined: Tue Feb 20, 2007 4:19 pm

Postby voron » Tue Feb 20, 2007 7:33 pm

A-N wrote:Sorry for noob question, but what are PaX Patch and grsecurity Patch now? What is different?!
grsecurity patch usually already includes pax patch and grsecurity itself. PaX patch has not much sense for me at last.
voron
 
Posts: 22
Joined: Mon May 29, 2006 8:54 am

Postby PaX Team » Wed Feb 21, 2007 6:57 pm

A-N wrote:Sorry for noob question, but what are PaX Patch
check out http://pax.grsecurity.net/ and especially the docs
and grsecurity Patch now? What is different?!
PaX is a building block for a HIPS such as grsecurity, it's included in grsec for your convenience and also easier integration (such as PaX flags control).
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: Patch for 2.6.20?

Postby dweekly » Mon Feb 26, 2007 10:15 pm

dweekly wrote:
viktor wrote:i think it will be released for the first bugfix release, 2.6.20.1


2.6.20.1 is now out. I'm holding my breath for the grsecurity patch! :)


Breath continuing to be held. Who can I bribe to get this out the door now that it looks like the PaX 2.6.20.1 patch is shipping? :)

-D
dweekly
 
Posts: 5
Joined: Tue Feb 20, 2007 4:19 pm

Re: Patch for 2.6.20?

Postby viktor » Mon Feb 26, 2007 10:21 pm

dweekly wrote:
dweekly wrote:
viktor wrote:i think it will be released for the first bugfix release, 2.6.20.1


2.6.20.1 is now out. I'm holding my breath for the grsecurity patch! :)


Breath continuing to be held. Who can I bribe to get this out the door now that it looks like the PaX 2.6.20.1 patch is shipping? :)

-D

man i suppose you really love grsec :) :)
viktor
 
Posts: 12
Joined: Sun Feb 11, 2007 6:20 am

Postby fek » Thu Mar 01, 2007 10:12 am

How does the test-patch work? Are there any problems or issues know about it or does it work smoothly?
fek
 
Posts: 2
Joined: Thu Jul 15, 2004 6:36 am

Postby mguevara » Tue Mar 06, 2007 4:45 am

Not tested yet but tried to build the 2.6.10.1 with the pax-linux-2.6.20.1-test5.patch on i686 and x86_64 archs with config options:
Code: Select all
$ grep PAX .config
CONFIG_PAX=y
CONFIG_PAX_SOFTMODE=y
# CONFIG_PAX_EI_PAX is not set
CONFIG_PAX_PT_PAX_FLAGS=y
# CONFIG_PAX_NO_ACL_FLAGS is not set
# CONFIG_PAX_HAVE_ACL_FLAGS is not set
CONFIG_PAX_HOOK_ACL_FLAGS=y
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_SEGMEXEC=y
# CONFIG_PAX_DEFAULT_PAGEEXEC is not set
CONFIG_PAX_DEFAULT_SEGMEXEC=y
# CONFIG_PAX_EMUTRAMP is not set
CONFIG_PAX_MPROTECT=y
CONFIG_PAX_NOELFRELOCS=y
CONFIG_PAX_ASLR=y
# CONFIG_PAX_RANDKSTACK is not set
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
# CONFIG_PAX_MEMORY_SANITIZE is not set
# CONFIG_PAX_MEMORY_UDEREF is not set

Note that I havn't got the CONFIG_PAX_KERNEXEC set for i686. The result x86_64 arch builded fine (with sightly modified config btw). On the i686 it fails with
Code: Select all
  GEN     .version
  CHK     include/linux/compile.h
  UPD     include/linux/compile.h
  CC      init/main.o
  CC      init/version.o
  LD      init/built-in.o
  LD      .tmp_vmlinux1
arch/i386/mm/built-in.o: In function `free_initmem':
(.text+0x241): undefined reference to `__init_end'
arch/i386/mm/built-in.o: In function `mem_init':
(.init.text+0x6b0): undefined reference to `__init_end'
arch/i386/mm/built-in.o: In function `mem_init':
(.init.text+0x740): undefined reference to `__init_end'
make: *** [.tmp_vmlinux1] Error 1
error: Bad exit status from /var/tmp/rpm-tmp.92244 (%build)

I suspect that the problem could be related to changes to arch/i386/kernel/vmlinux.lds.S file in which the patch unconditionally removes __init_end = .; from .bss section and adds __init_end = . + __KERNEL_TEXT_OFFSET; to the .text.align section but only when we have CONFIG_PAX_KERNEXEC set.
mguevara
 
Posts: 4
Joined: Tue Mar 06, 2007 3:57 am

Next

Return to grsecurity development

cron