New kernel vulnerability

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Postby mar » Wed Feb 18, 2004 6:04 pm

Compiled without problems with devastor's patch. :)
mar
 
Posts: 3
Joined: Wed Feb 18, 2004 2:42 pm

Postby quags » Wed Feb 18, 2004 7:29 pm

the patched fixed compiling problems I was having as well
quags
 
Posts: 4
Joined: Wed Feb 18, 2004 7:28 pm

Postby devastor » Wed Feb 18, 2004 8:23 pm

I updated the patch to fix a missing semi-colon in fs/binfmt_elf.c

It caused a compilation failure when support for PAX's new softmode was enabled
devastor
 
Posts: 41
Joined: Fri Oct 11, 2002 5:07 pm

Postby spender » Wed Feb 18, 2004 9:39 pm

I've updated the patches on the link, and added one for grsecurity 2.0.
Let me know if there are any problems with these updated patches.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

updated 2.4.25 patches

Postby underattack » Thu Feb 19, 2004 10:35 am

the updated patch works fine here (two different systems, one PIII/SCSI and one Athlon/IDE).
underattack
 
Posts: 4
Joined: Wed Feb 18, 2004 4:08 pm

Postby siti » Thu Feb 19, 2004 6:08 pm

The 2.0 patch for 2.4.25 works fine for me, on an Athlon & Athlon-XP :)
siti
 
Posts: 18
Joined: Fri Aug 08, 2003 6:30 pm

Postby Sea-you » Fri Feb 20, 2004 6:51 am

I compiled the updated patch on several machines without any problem, the boxes are working fine (logserver, dns servers, mail servers, proxy servers, webservers).
Sea-you
 
Posts: 10
Joined: Thu Apr 11, 2002 12:48 pm

Postby T2000 » Fri Feb 20, 2004 11:51 am

I'm missing the following things in "make menuconfig"

[*] Enforce non-executable pages x x
x x [ ] Paging based non-executable pages x x
x x [*] Segmentation based non-executable pages x x
x x [ ] Emulate trampolines x x
x x [*] Restrict mprotect() x x
x x [ ] Disallow ELF text relocations (DANGEROUS) x x
x x [*] Address Space Layout Randomization x x
x x [*] Randomize user stack base x x
x x [*] Randomize mmap() base x x
x x [ ] Randomize ET_EXEC base

where are these features in the new patch for 2.4.25?
There is the ne Pax, where I can turn on Softmode but thats all.
T2000
 
Posts: 5
Joined: Fri Feb 20, 2004 11:49 am

Postby PaX Team » Fri Feb 20, 2004 2:03 pm

T2000 wrote:where are these features in the new patch for 2.4.25?
There is the ne Pax, where I can turn on Softmode but thats all.
you have to enable at least one ELF marking scheme (or ACL hook, depending on how you want to control PaX flags). a safe bet in your case is probably to use EI_PAX at least which was the default so far.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Postby T2000 » Fri Feb 20, 2004 2:44 pm

Thanks. That worked for me. But its really tricky :-)
T2000
 
Posts: 5
Joined: Fri Feb 20, 2004 11:49 am

Postby Serp0 » Fri Feb 20, 2004 2:55 pm

hi i try with 2.4.24 + last grsecurity for this kernel
and the mremap #2 bug its work is vulnerable

i want to comment you

now i compile development last grsecurity + 2.4.25 +grsec.patch
and work very good

:)

see ya
Serp0
 
Posts: 4
Joined: Fri Feb 20, 2004 9:18 am

Previous

Return to grsecurity support

cron