
RedHat Kernel Errata fixing 2 serious bugs

Posted: Thu May 15, 2003 1:45 am
by superbock
Hi!

RedHat released an errata for their kernel package that fixes 2 security bugs (with the TCP/IP stack and ioperm()).

More info here:

http://marc.theaimsgroup.com/?l=bk-comm ... 607144&w=2

http://bugzilla.kernel.org/show_bug.cgi?id=703


Regards

Re: RedHat Kernel Errata fixing 2 serious bugs

Posted: Sun May 18, 2003 10:53 pm
by DMZ
superbock wrote: Hi!

RedHat released an errata for their kernel package that fixes 2 security bugs (with the TCP/IP stack and ioperm()).

More info here:

http://marc.theaimsgroup.com/?l=bk-comm ... 607144&w=2

http://bugzilla.kernel.org/show_bug.cgi?id=703


Regards


The ioperm privilege fix was recently added to grsecurity in CVS. However, that still leaves the route cache flooding DoS vulnerability.

It really does look like the 2.4.20 kernel is in a bit of a state when it comes to vulnerabilities. To illustrate, here's a rundown of some of the recent flaws:

Race in ptrace/kmem:
    2.4.20: not fixed
    2.4.21-pre6: fixed
    2.4.21-rc2: fixup to the fix
    grsecurity: both fixed
Improper ioperm privileges: (trivial to patch)
    2.4.20: not fixed
    2.4.21-rc2: not fixed
    grsecurity: fixed
Route cache flooding DoS:
    2.4.20: not fixed
    2.4.21-rc2: fixed
    grsecurity: not fixed
make xconfig: (not a vulnerability, but it annoyed me)
    2.4.21-pre7: broken from here on
Redhat's 2.4.20 is on 2.4.21-pre3 and seems to track the -ac tree; it has around 150 patches total (based on RH 8; I won't mention 9 since NPTL is incompatible with grsecurity). The situation there is a lot more complex.

Probably not a good time for Spender to lose his connectivity for a week! To this end, I spent the weekend merging Friday's CVS snapshot of grsecurity diffed against 2.4.20 into 2.4.21-rc2 (not tested yet), probably an ill-advised move since I've been caught like this once before (around 6 months ago). I imagine Brad already has a copy running against rc2.

Applying nethashfix to 2.4.20 is also a possibility [edit: in fact it's trivial]; I won't second-guess what the grsecurity team are going to do about this remaining vulnerability, though.

Posted: Tue May 27, 2003 3:01 pm
by goal
Evening all,

Just wondering if there's any update on these kernel vulnerabilities being included in an updated grsec. Reluctant to move to a non-grsec kernel on lots of machines, but likewise don't want to live with knowing they're unpatched.

Cheers.

Posted: Tue Jun 03, 2003 7:31 am
by goal
Brad? Any word on this?