grsecurity forums

[miloska]

hi

there was a patch both grsec and xfs, and now i can not find it.

I think it would be very usefull.

What about the future, will be this patch again?

Thank You for your work!

[raphinou]

I agree with you.
I still have the grsecurity-1.9.9c-2.4.20-xfs.patch and plan to use it, but I wonder if it would be better to use the latest grsecurity with the latest xfs patch applied separately.
Can anyone help answer this question?

Thanks

Raph

PS: if someone wants the grsecurity+xfs I talk about, I could make it available (but I wait to see if grsecurity people advice to use newer versions with xfs patched separately. If it's not available anymore, I guess there is a reason

[spender]

Feel free to make the patch. I have nothing against it. It isn't difficult to patch either...I just haven't had the time to do it.

-Brad

[raphinou]

Hi,

I'm ready to look at how to make this patch if you could give me some directions (what do you usually do? take vanilla kernel, patch xfs and then grsecurity?). This is not a promise as I won't have the possibility to put much time in it, but I could use this patch and would be happy to share the results if I am able to get it working.

I put an older version (the version I'm using now) at http://www.raphinou.com/grsecurity-1.9. ... .patch.bz2


Raph

[spender]

There's not too many failed hunks. The important ones are in fs/namei.c. Make sure that you put the ACL code for grsecurity back in, since it's done in the same places as the XFS ACL code. Put the grsecurity ACL stuff after the XFS acl stuff.

-Brad

[miloska]

well, i'm not a great kernel-hacker , so i (and i think quote a lot of (l)user) would be happy, if there wolud be an 'official' patch.

i will wait

once again thank you for your excelent job. grsec is realy a good stuff.

ps: i was realy upset at 04.01 ))

[Sleight of Mind]

This is from a mail i sent to grsecurity at grsecurity dot net:

I made a grsecurity-1.9.9f-2.4.20-xfs patch similar to the 1.9.9c-2.4.20-xfs patch that was available some time ago. I tested this new patch with a few different .config files and it seems to compile/run fine.


I used the following patches (in this order):
- xfs-2.4.20-all-i386.bz2 from ftp://oss.sgi.com/projects/xfs/download ... l-i386.bz2 (this is a daily snapshot: 6-4-2003, 22:42:00)
- grsecurity-1.9.9f-2.4.20.patch from http://www.grsecurity.org/grsecurity-1. ... 4.20.patch


after applying the grsecurity patch some hunks failed, so i merged those parts manually. The only file that actually required me to think was fs/namei.c, the rest was too obvious


If you like the patch (maybe after testing it some more) it might be worth putting on the website. It can be found at http://deus.et.tudelft.nl/~sleight/grse ... s.patch.gz

Sleight of Mind

Sleight of Mind

[miloska]

Sleight of Mind:
could You please update your patch for 2.4.21?
I would be very grateful.

Thx

miloska

[Sleight of Mind]

From ftp://oss.sgi.com/projects/xfs/patches/2.4.21/README:

When will they be created? After

* Marcelo Tosatti releases the kernel.
* SGI upgrade the XFS CVS tree to the new kernel.
* SGI alpha test the XFS CVS tree against the new kernel.
* SGI split the XFS patch into its components.

In the meantime, don't bother asking, you will be ignored.

I guess we will have to wait a little bit longer.

Sleight of Mind

[kewlzero3]

hi,
we dont have to wait - i use the 2.4.21 with xfs! all you need is ac1.
so - can anyone build a grsec patch for 2.4.21-ac1?
bye
kewl

[Sleight of Mind]

Here's a patch for grsec 1.9.10 and xfs 1.3.0pre2.
An incremental patch to grsec 1.9.11 is also available (thanks to PaX Team for tip, interdiff is a greay utility!

Dir with patches

Note that this xfs release isn't marked as stable yet. I suggest some testing before using on a production server.

Sleight of Mind

[TrAnCeFX]

hey, just patched linux-2.4-xfs with http://deus.et.tudelft.nl/~sleight/patc ... s.patch.gz from above it patched no problems and compiled but if failed to load any ideas?

[Sleight of Mind]

The xfs_cvs patch should be applied to the latest xfs cvs tree
read: http://oss.sgi.com/projects/xfs/cvs_download.html

Do a cvs checkout and apply the patch after it's done. If you don't want to use cvs just use the 1.9.10 patch against a vanilla 2.4.21 and the interdiff patch afterwards to update it to grsec 1.9.11

[Sleight of Mind]

here is my newest creation: 2.4.22-rc2-xfs-grsec:

-vanilla 2.4.21
-official 2.4.22-rc2 patch from kernel.org
-xfs CVS patch created by diff'ing the linux-2.4 and linux-2.4+xfs bitkeeper trees (minding -x SCCS and -x BitKeeper )
-grsecurity-2.0-rc3-2.4.22 from spenders homedir @ grsecurity.net

only the merge between xfs and grsec gave me some rejects, 2 + the Makefile this time. Both of the rejects were known to me since they were exactly the same in previous merges.

I think this patch will apply to later rc's and the final 2.4.22 as well, with a reject on the Makefile because of extraversion of course.

Both the kernel release and the xfs patch for 2.4.22 are not final at the moment, so i suggest some testing before running this patch on a production machine. Some people might prefer waiting for 2.4.22 final, but since the latest grsec patches are for 2.4.22 now, i switched to 2.4.22-rc as well.

I tested it on my router machine at home and it's running fine. gl & hf with it

[NagyZ]

so, now thats 2.4.22 is out, would somebody do a 2.4.22 + grsec 1.9.11 + xfs 1.3? i'd really appriciate that. i dont really have confidence in grsec 2.0 now, but it can change :)