grsec/ssp rookie needs help
Posted: Wed Feb 16, 2005 12:55 amHello!
I am new to the grsec tools and I need some assistance with getting started with grsec, pax, and propolice/ssp. I'm not sure if I understand the correct order of what to do. Let me know if the following procedure is correct:
1) Starting off with a minimal install of Slack 10.1
2) Patch Gcc-3.4.3 with ssp patches from here http://www.research.ibm.com/trl/projects/security/ssp/
3) Build and install gcc packages (gcc,g++)
4) Get Linux 2.6.10 source from kernel.org
5) Get as2 patches for 2.6.10 and apply them
6) Get grsec 2.1.1 patches for 2.6.10-as2 and apply them
7) Build and install kernel using configuration guidelines from the quickstart pdf. I wasn't sure if it would be ok to use the "-fstack-protector(-all)" cflag when building the kernel. I didn't know whether or not grsec and propolice/ssp would step on each others toes. Is there really any benefit from using both? Am I setting myself up for future headaches if I use both?
8) Patch and build binutils using patches from the pax site and the source from the slackware site. Again, do I need to use the propolice/ssp cflag here?
9) Install gradm and the pax utilities.
This is about as far as I got. I started getting errors about "permission denied" with libcrypto and libncurses etc.... I know these errors are mentioned elsewhere in the forum, but I was unable to find a scenario like mine. I tried using chpax and paxctl, but didn't have any luck. All that I could glean from the other posts was that I might need to mess with glibc. I was wondering if I needed to rebuild glibc with some sort of special option. Right now I'm using the stock version of glibc that comes with Slack 10.1.
I think I should have posted earlier in the day when my mind was still fresh! But this is all I have for now. Thanks in advance for any help.
I am new to the grsec tools and I need some assistance with getting started with grsec, pax, and propolice/ssp. I'm not sure if I understand the correct order of what to do. Let me know if the following procedure is correct:
1) Starting off with a minimal install of Slack 10.1
2) Patch Gcc-3.4.3 with ssp patches from here http://www.research.ibm.com/trl/projects/security/ssp/
3) Build and install gcc packages (gcc,g++)
4) Get Linux 2.6.10 source from kernel.org
5) Get as2 patches for 2.6.10 and apply them
6) Get grsec 2.1.1 patches for 2.6.10-as2 and apply them
7) Build and install kernel using configuration guidelines from the quickstart pdf. I wasn't sure if it would be ok to use the "-fstack-protector(-all)" cflag when building the kernel. I didn't know whether or not grsec and propolice/ssp would step on each others toes. Is there really any benefit from using both? Am I setting myself up for future headaches if I use both?
8) Patch and build binutils using patches from the pax site and the source from the slackware site. Again, do I need to use the propolice/ssp cflag here?
9) Install gradm and the pax utilities.
This is about as far as I got. I started getting errors about "permission denied" with libcrypto and libncurses etc.... I know these errors are mentioned elsewhere in the forum, but I was unable to find a scenario like mine. I tried using chpax and paxctl, but didn't have any luck. All that I could glean from the other posts was that I might need to mess with glibc. I was wondering if I needed to rebuild glibc with some sort of special option. Right now I'm using the stock version of glibc that comes with Slack 10.1.
I think I should have posted earlier in the day when my mind was still fresh! But this is all I have for now. Thanks in advance for any help.
