Recently, a PaX advisory was published by cr-secure.net. PaX was updated on May 1st 2004 to correct the vulnerability that was located by cr-secure.net.
Does this advisory affect the current GRSecurity?
yes, the version for linux 2.6 has the same piece of code hence vulnerability. even if it's not recommended yet to use 2.6 where there're untrusted local users, if you need the fix urgently, simply use the interdiff of mm/mmap.c between the current PaX patch and grsecurity.Hannibal wrote:Recently, a PaX advisory was published by cr-secure.net. PaX was updated on May 1st 2004 to correct the vulnerability that was located by cr-secure.net.
Does this advisory affect the current GRSecurity?