grsecurity forums

[yaplik]

Hi,

I tried to compile kernel 2.6.5 with wolk3.0-rc2 and included wolk-grsec2 patch and
I disabled grsec and i got errors in fs/build-in.o that it doesnt know gr_check_group_change and gr_check_user_change in function compute_creeds() in fs/exec.c:1040
main problem is that these functions arent in grsec_disable.c and havent #ifdef GRKERNSEC ... #endif around
I didnt test it for vanilla kernel + grsec, but it seems that both ofiicial and wolk-grsec2 patch are same in this case

fast fix for vannila+grsec:

Code: Select all

--- a/fs/exec.c 2004-04-24 15:54:57.953674216 +0200
+++ b/fs/exec.c 2004-04-24 15:58:01.193817480 +0200
@@ -1053,11 +1053,13 @@
                        }
                }
        }
- -
+#ifdef GRKERNSEC
        if (!gr_check_user_change(-1, bprm->e_uid, bprm->e_uid))
+#endif /* GRKERNSEC */
                current->suid = current->euid = current->fsuid = bprm->e_uid;
- -
+#ifdef GRKERNSEC
        if (!gr_check_group_change(-1, bprm->e_gid, bprm->e_gid))
+#endif /* GRKERNSEC */
                current->sgid = current->egid = current->fsgid = bprm->e_gid;
 
        gr_handle_chroot_caps(current);


- - Yaplik (yaplik@jabber.cz)
gpg 6970 3B7C 0F72 07DD 1825 B4FB CC27 E7D5 2CDE 2300

[yaplik]

I tested it for vanilla kernel + official grsec2 and its same
- - Yaplik (yaplik@jabber.cz)
gpg 6970 3B7C 0F72 07DD 1825 B4FB CC27 E7D5 2CDE 2300

[PaX Team]

I tried to compile kernel 2.6.5 with wolk3.0-rc2 and included wolk-grsec2 patch and I disabled grsec and i got errors in fs/build-in.o that it doesnt know gr_check_group_change and gr_check_user_change in function compute_creeds() in fs/exec.c:1040
main problem is that these functions arent in grsec_disable.c and havent #ifdef GRKERNSEC ... #endif around

was fixed in CVS yesterday: http://cvsweb.grsecurity.net/index.cgi/grsecurity226/grsecurity/grsec_disabled.c.diff?r1=1.1&r2=1.2