grsecurity forums

This system (old Pentium 75 MHz, 24 Mb RAM) works well with 2.4.25+grsecurity or the pure 2.4.26. This is a pure 100% Debian woody, except for the grsec package (1.19 or 2.0, same problem) and the kernel (from kernel.org, as requested by the package maintener).

Applying grsec on a 2.4.26 makes the system unusable : the kernel loads, shows some informations (last one seen : 'Calibrating...', although I can't say if something else appears, it reboots too quickly) and reboots spontaneously. If you know some way to have more logs, tell me...

I've tried to disable totally Grsec, to build everything again from a clean source, I've purged and reinstalled the grsec package, buid it on another (Sarge) box as a last resort, without any change.

The .config is there :
http://www.courtois.cc/perso/config-2.4.26+grsec2
(the grsec part is not important ; as already said it fails even deactivated). This is a the .config of my 2.4.25+grsec with make oldconfig.

Thanks for any help!

christophe wrote:Applying grsec on a 2.4.26 makes the system unusable : the kernel loads, shows some informations (last one seen : 'Calibrating...', although I can't say if something else appears, it reboots too quickly) and reboots spontaneously. If you know some way to have more logs, tell me...

what does 'grep idt_table System.map' say (on both the working and the failing kernels)? also, can you try the latest PaX patch alone to see if it works at all?

Kernel 2.4.26 with patch from Grsec2 Debian package :

/boot/System.map-2.4.26+grsec2
c01200a0 B idt_table

With the recent pax version as suggested by Lazslo :
/boot/System.map-2.4.26+pax
c02e7000 R
(this one boots and seems to works fine)

Vanilla kernel:
/boot/System.map-2.4.26.v
c02f4000 D idt_table

christophe wrote:/boot/System.map-2.4.26+grsec2
c01200a0 B idt_table

yes, that's a known problem, although the updated grsec patch (from 18th april, not the one from 17th) should have fixed it, alternatively you can just use the cvs version.