I've placed pre-release copies of grsecurity 2.0 for 2.4.26 and 2.6.5,
as well as grsecurity 1.9.15 for 2.4.26 at
http://grsecurity.net/~spender/

There is a new option in PaX for the 2.6.5 kernel that disables the use
of a fixed-address vsyscall page that could be abused for ret2libc
attacks. Some Debian users may not be able to boot with the 2.6.5
patch at all due to a known glibc bug that has been unresolved for
several months. Please redirect complaints to Debian.

Among the changes between 2.0-rc5 and 2.0 are:
* chroots are allowed within a chroot as long as the new chrooted path
is not outside the current chroot path.
* kernel interpretation of globbing, so objects such as /home/*/blah are
interpreted in real time as opposed to at enable time
* kernel interpretation of inheritance, resulting in huge memory savings
in many configurations
* much faster learning system with smaller memory footprint
* user and group transition tables configurable per process on an
inclusive or exclusive basis
* additional ptrace-related object flags
* TEXTREL auditing (for system integrators only)
* many gradm performance enhancements

A quick-start guide is awaiting finishing touches and will be
released within the next few weeks. I'll then begin work on the 2.0
documentation.

-Brad