
2.6.33 patch

Posted: Wed Mar 03, 2010 6:57 am
by hackman
Hello,
I have ported almost all changes from 2.6.32.9 to 2.6.33; however, I'm not very good with assembler, so I skipped a few files:

arch/x86/kernel/entry_64.S
arch/x86/kernel/head_32.S
arch/x86/kernel/head_64.S
arch/x86/kernel/vmlinux.lds.S
arch/x86/lib/copy_user_64.S

So, can someone help me with those?

I'll publish my patch tonight and place the URL here.

Re: 2.6.33 patch

Posted: Wed Mar 03, 2010 8:48 am
by spender
We will have a 2.6.33 patch up soon. As always, with each new kernel version, we need to ensure that nothing's been added to or changed in the kernel that would bypass the extra security grsec provides; it's not just a job of patching and fixing rejects.

-Brad

Re: 2.6.33 patch

Posted: Wed Mar 03, 2010 9:54 am
by hackman
So, do you want the ported patch or not?

Re: 2.6.33 patch

Posted: Wed Mar 03, 2010 2:05 pm
by wao
spender wrote: We will have a 2.6.33 patch up soon. As always, with each new kernel version, we need to ensure that nothing's been added to or changed in the kernel that would bypass the extra security grsec provides; it's not just a job of patching and fixing rejects.

-Brad

When will the 2.6.33 grsec patch be available? Just +/-

Re: 2.6.33 patch

Posted: Mon Mar 08, 2010 12:17 am
by hackman

Re: 2.6.33 patch

Posted: Mon Mar 08, 2010 4:52 am
by wao
Well, I already did test with grsecurity-2.1.14-2.6.33-201003062044 and grsecurity-2.1.14-2.6.33-201003071645, both work fine.
33-201003071645 is quite a bit faster: [ 0.663202] vs. [ 0.613161] Freeing unused kernel memory: 308k freed. (It's just avg.; best was .598202.) Thanks.

Re: 2.6.33 patch

Posted: Wed Mar 10, 2010 11:21 pm
by decula
newbie, sorry

compile went fine, very small amount of tuning on a 32-bit Slackware 13.0

from policy:

# hide the kernel images and modules
/boot h

but when enabled, I see boot not entirely hidden:

total 88
d????????? ? ? ? ? ? boot/
drwxr-xr-x 10 root root 4096 2006-09-25 22:09 mnt/
drwxr-xr-x 2 root root 4096 2007-04-29 23:35 bin/
...

it's not on a separate mount point - just hanging off of /

ty - dec

Re: 2.6.33 patch

Posted: Thu Mar 11, 2010 8:42 am
by spender
This would suggest a problem in the readdir code (the directory name being listed but being unable to stat() it produces the results you've given). I'll take a look at it tonight.

Thanks,
-Brad
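
The inconsistency described in the post above (a name returned by the directory listing that then cannot be stat()ed, which `ls -l` renders as `d?????????`) can be checked for directly. This is an added example, not part of the original thread or of grsecurity; the `find_unstatable` helper, the temporary directory tree and the ENOENT error used in the simulation are assumptions made for illustration.

```python
import errno
import os
import tempfile


def find_unstatable(directory, lstat=os.lstat):
    """Return [(name, errno_name)] for entries that are listed but fail lstat().

    `lstat` is injectable so the inconsistency can be simulated on a stock kernel.
    """
    mismatches = []
    for name in sorted(os.listdir(directory)):   # directory listing: names only
        path = os.path.join(directory, name)
        try:
            lstat(path)                          # what `ls -l` needs per entry
        except OSError as exc:
            code = errno.errorcode.get(exc.errno, str(exc.errno))
            mismatches.append((name, code))
    return mismatches


def demo():
    """Constructed sample: a temp tree where lstat() on 'boot' is forced to fail."""
    with tempfile.TemporaryDirectory() as root:
        for sub in ("bin", "boot", "mnt"):
            os.mkdir(os.path.join(root, sub))

        def hiding_lstat(path):
            # Simulates an object hidden from stat() but still listed.
            # ENOENT is an assumed error code for this simulation.
            if os.path.basename(path) == "boot":
                raise OSError(errno.ENOENT, os.strerror(errno.ENOENT), path)
            return os.lstat(path)

        return find_unstatable(root), find_unstatable(root, lstat=hiding_lstat)


if __name__ == "__main__":
    clean, hidden = demo()
    print("stock lstat:", clean)
    print("simulated hidden boot:", hidden)
```

On a live system, calling `find_unstatable("/")` with the default `lstat` reports any entry that is listed but not stat()able, along with the errno the kernel returned.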

Re: 2.6.33 patch

Posted: Thu Mar 11, 2010 9:16 pm
by spender
I'm not able to reproduce your issue here. Can you email me the output of 'cat /proc/mounts' and an strace of your ls -al command?

-Brad