cvs-grsec 2.0.1 work with debian woody kernel 2.4.18-14.3!

Discuss and suggest new grsecurity features

cvs-grsec 2.0.1 work with debian woody kernel 2.4.18-14.3!

Postby Oscon » Wed Jun 30, 2004 7:06 am

Hello!

I am 'Oscon' from Hungary.

If anyone cares, then

I make the special kernel patchset.

download link:

http://startadsl.hu/oscon/patchset-debi ... mage.patch

(5449422 byte)

This work now 2 of 2 IA-32 computer, but only with this kernel!:

http://packages.debian.org/stable/devel ... rce-2.4.18

Version only 14.3!

---

Parts of the patchset:

From distribution Debian Woody 3.0r2:

kernel-patch-freeswan
i2c-source
lm-sensors-source
kernel-patch-2.4-grsecurity

From Ingo Molnar:

http://people.redhat.com/~mingo/O(1)-scheduler/sched-2.4.18-A1

From Andreas Grünbacher:

http://acl.bestbits.at/old/v0.8/diff/li ... 28.diff.gz
http://acl.bestbits.at/old/v0.8/diff/li ... 26.diff.gz

From International kernel patch:

http://www.kernel.org/pub/linux/kernel/ ... 4.20.1.bz2

And From GrSecurity:

http://cvsweb.grsecurity.net/index.cgi/grsecurity2/
http://grsecurity.net/grsecurity-1.9.9h-2.4.20.patch
http://grsecurity.net/grsecurity-2.0-2.4.26.patch
http://www.grsecurity.net/~spender/grse ... .6.7.patch

And From Oscon -)) :

../include/linux/linux_logo.h
../Makefile: extraversion

-----------------
Kernel Configuration Tips:

Not suggested:

- Crypto/ipsec_tunneling option with Networking/freeswan/ip-ipencaps(tunnell mode).
- freeswan/aes (x86 opt) with freeswan/aes. only one from two...
- grsec/Pax Control MAC/direct... Only Mac/none or Mac/hook...
- grsec/address space protection/disallow elf text relocations.

-------------

The gradm 2.0.1 from cvs is needed, and work!

chpax 0.7: work.
paxtest 0.9.5: work
paxtest 0.9.6: work.

paxctl 0.2: perhaps.

ext2/3 posix acl,ea needed: attr, acl package from debian woody 3.0r2.

But this not require 'acl, xattr' mount -option.

-----------

But only, if anyone cares...!

-----------

Sorry: I have no chance now the "greater testing".

And I speak not so good english.

my e--mail address:

osconßß!%ßstartadslßß!%ßhu

ßß!%ß = @

Good luck!
Oscon
 
Posts: 44
Joined: Fri Jun 11, 2004 6:32 pm

Re: cvs-grsec 2.0.1 work with debian woody kernel 2.4.18-14.

Postby hightower » Wed Jun 30, 2004 11:10 am

Oscon wrote:Hello!
I am 'Oscon' from Hungary.
If anyone cares, then
I make the special kernel patchset.
http://people.redhat.com/~mingo/O(1)-scheduler/sched-2.4.18-A1
Old and buggy as hell.

Old and buggy as hell too.

I doubt you integrated this version :p

Oscon wrote:Sorry: I have no chance now the "greater testing".
And I speak not so good english.
my e--mail address:
osconßß!%ßstartadslßß!%ßhu
Not speaking good english isn't that bad, but pasting nonsense email address is :p

ciao, Marc
hightower
 
Posts: 49
Joined: Wed Mar 06, 2002 11:36 am

Re: cvs-grsec 2.0.1 work with debian woody kernel 2.4.18-14.

Postby Oscon » Wed Jun 30, 2004 12:00 pm

hightower wrote:Old and buggy as hell too.


yes, old patches, but why, and where "buggy as hell" ?
I could'nt/can't from this.

pls. more information from these bugs...
thx.

hightower wrote:I doubt you integrated this version :p


the patchset... is parts of "more grsecurity versions".

few! parts from 2.0.1-2.6.7 + many parts from 2.0.1-2.4.26 + some parts from 1.9.9h-2.4.20 + few! parts from kernel-patch-2.4-grsecurity package = "patchset grsecurity 2.0.1"

And it seems, it works now correct with cvs-gradm 2.0.1.

hightower wrote:Not speaking good english isn't that bad, but pasting nonsense email address is :p

ciao, Marc


e-mail:

@ = ßß!%ß
and
. = ßß!%ß

I write not e-mail addresses into public forums in "xxx@xxx.xxxx" format at spammers.

hi
Oscon
Oscon
 
Posts: 44
Joined: Fri Jun 11, 2004 6:32 pm

patchset in deb package

Postby Oscon » Fri Jul 09, 2004 4:14 pm

If anyone cares....then:

I make the DEB package from this patchset and binary utilities (with source code). (chpax 0.7, paxtest, gradm 2.0.1, iptable_stealth_module, setbatch).

more information
Oscon
 
Posts: 44
Joined: Fri Jun 11, 2004 6:32 pm


Return to grsecurity development