grsecurity forums

Hi all,

I'm using ubuntu-server and want to install grsec. There are problems with the ubuntu compiled when using non-ubuntu kernel src, so i've synced the ubuntu kernel-src package. Unfortunately that kernel is *-7 whereas the latest is *-11... are there old copies of grsec anywhere so that I can find the appropriate version?

Thanks in advance,

ph8

Depending on the severity and location of the Ubuntu kernel patches, it may be possible to forward port their patches into a .11 kernel so that you can use the latest GRsecurity. If you want to try this, grab the .7 kernel source from kernel.org and diff it against the Ubuntu kernel.

Incidentally, why are you still using a distribution that locks you to using only the kernels they provide? What if there's a critical security hole in their kernel and they just sit around and don't release an update? With most distributions, you'd have the option of switching to a kernel.org kernel (albeit at a possible loss of some functionality).

I don't know if ubuntu gives me the option of switching to the kernel.org kernel, I would have thought they did somehow - they're pretty darn good in every other respect, i'll have a look when I install my server machine tonight - cheers for getting back. Still, how come old copies of grsec aren't around?

You might be able to fetch it from CVS if you can find the tag (assuming a tag was created). CVS generally makes it such a nuisance to do tags that many people do not bother. Subversion's whole tree versioning makes it much easier to find a consistent view of an old version; it's unfortunate the GRsecurity is still maintained in a CVS repository.

What did you mean when you said "There are problems with the ubuntu compiled when using non-ubuntu kernel src"?

there are a few articles available (check the ubuntu wiki) that show how to rebuild from the repositories or from kernel.org vanilla