Page 1 of 2
2.4.22-grsec
Posted:
Tue Aug 26, 2003 5:04 amby Sleight of Mind
since there were no active changes in the CVS in the past few days/weeks i guess 1.9.12 against 2.4.22-rc2 should be quite the same as 1.9.12 against 2.4.22 final. I took the beta patch and applied it against 2.4.22. The 2 FAILs were very easy to fix.
grsecurity-1.9.12-2.4.22.patch.gz
NOTE: this is not an official patch, but the final 1.9.12 will probably not differ much/at all to this one.
Posted:
Tue Aug 26, 2003 12:11 pmby ranganc
I used the patch to rebuild a kernel for AMD Athlon based system and everything went fine.. seems to working great. I didn't face any issues.
Thanks for the patch
Posted:
Fri Aug 29, 2003 7:54 amby p00p
i couldn't get the patch to apply as per the grsec documentation...
cd /usr/src
patch -p0 grsec-etc-etc-etc.patch
this is after extracting linux-2.4.22 and creating a symbolic link "linux" pointing to linux-2.4.22
it will just sit there for a long time, doesn't appear to be doing anything. mem and cpu usage are very low (1.1ghz box, so it shouldn't take so long) and there is no disk access. what gives?
system: slackware linux 9.0, athlon 1.1ghz, 512mb sdram
Posted:
Fri Aug 29, 2003 8:46 amby maynard
i think you are missing a <
patch -p0 < blabla.patch
regards
maynard
Posted:
Fri Aug 29, 2003 9:22 amby Sleight of Mind
the patch is in gzip format, so i suggest:
- Code: Select all
cd /usr/src/linux
zcat /path/to/grsecurity-1.9.12-2.4.22.patch.gz|patch -p1
Posted:
Fri Aug 29, 2003 4:20 pmby p00p
thanks for responding so quickly, both of you.
i'm about to try the first suggestion.
about the second one, i guess i failed to mention that yes i did gunzip it. thanks though.
Posted:
Fri Aug 29, 2003 4:23 pmby p00p
maynard wrote:i think you are missing a <
patch -p0 < blabla.patch
regards
maynard
wow, that worked INSTANTLY. thanks a lot!
as they say.. KISS.. keep it simple, stupid.
thanks again.
Posted:
Sat Aug 30, 2003 5:57 pmby lowde
hi.
this patch seems to work great. but i get fail messages when i patch the source in the /usr/src/linux/Makefile. it seem that the kernelinformation not change (also KERNELVERSION,...). is this so ok? or have i done something wrong?
thx for the patch.
ps.: sorry for my bad english.
Posted:
Sun Aug 31, 2003 11:09 amby Sleight of Mind
if you apply to a vanilla 2.4.22 tree it will not give a reject on the Makefile. Usually a FAIL on the Makefile is caused by the EXTRAVERSION already being set to some value while the patch expects it to be empty (as it is empty on a vanilla tree)
Posted:
Sun Aug 31, 2003 3:13 pmby lowde
hi
you're right. sorry for the reply. it seems that my distro package management installed a light modified version of the kernelsources
but they call them selves vanilla sources.
thx for the fast reply
keep on workin =)
Posted:
Mon Sep 01, 2003 11:18 amby fallen_angel
any comment to this patch from a grsecurity developer would be helpfull, a negative comment would be better than no comment.
Unix is no windows, reboots are things which should be prevent and security for sure
Posted:
Tue Sep 02, 2003 10:26 amby fallen_angel
official release out
Posted:
Tue Sep 02, 2003 6:03 pmby Sleight of Mind
I killed the patch in my homedir now that the official release is out. My patch and the official one don't differ much, only some minor changes to PAX afaik.
*Thread closed*
Posted:
Thu Sep 04, 2003 4:29 pmby p00p
is there a chance you still have it?
i just copied my .config back over after i had re-extracted the linux sources and patched with the official grsec patch.. and now my kernel doesn't work. so i tried redoing the .config via make menuconfig, and still no luck.
if possible i'd like to try yours again-- that worked. thanks.
Posted:
Thu Sep 04, 2003 7:02 pmby spender
what didn't work? What was your config?
-Brad