grsecurity forums

Posted: **Mon Apr 19, 2004 5:35 am**

Hello!

For some time there is a discussion about new version of grsec 2.x, and finally there it is. But there is no documentation for it, on official grsec site there is only very old documentation for 1.9 tree. As one of lazy users I don't want to read all mailing and forums to know how to configure it ;-)

so... maybe someone will make new documentation to ACL system, and for all features that are included in grsecurity such as PAX, and even iptables stealth patch.

If there is already one send me a link or something ;-)

Posted: **Mon Apr 19, 2004 4:26 pm**

Spender is working on some. This was posted to the mailing list on 04-14-2004

I've placed pre-release copies of grsecurity 2.0 for 2.4.26 and 2.6.5,
as well as grsecurity 1.9.15 for 2.4.26 at
http://grsecurity.net/~spender/

There is a new option in PaX for the 2.6.5 kernel that disables the use
of a fixed-address vsyscall page that could be abused for ret2libc
attacks. Some Debian users may not be able to boot with the 2.6.5
patch at all due to a known glibc bug that has been unresolved for
several months. Please redirect complaints to Debian.

Among the changes between 2.0-rc5 and 2.0 are:
* chroots are allowed within a chroot as long as the new chrooted path
is not outside the current chroot path.
* kernel interpretation of globbing, so objects such as /home/*/blah are
interpreted in real time as opposed to at enable time
* kernel interpretation of inheritance, resulting in huge memory savings
in many configurations
* much faster learning system with smaller memory footprint
* user and group transition tables configurable per process on an
inclusive or exclusive basis
* additional ptrace-related object flags
* TEXTREL auditing (for system integrators only)
* many gradm performance enhancements

A quick-start guide is awaiting finishing touches and will be
released within the next few weeks. I'll then begin work on the 2.0
documentation.

-Brad

grsecurity forums

Documentation?

Documentation?