grsecurity forums

Skip to content

Kernel 2.6.7

Discuss and suggest new grsecurity features
Topic locked

Postby fek » Thu Jul 15, 2004 6:38 am

It seems, there are still some problems with the patch for 2.6.7. I am using the medium level and only customized the restriction for proc, that www-data may access it. I got some strange segmentation faults, for example of mrtg, irssi or dpkg.

Let's have a look in the syslog:

Jul 15 12:45:01 exodus /USR/SBIN/CRON[13409]: (root) CMD (if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ]; then /usr/bin/mrtg /etc/mrtg.cfg >> /var/log/mrtg/mrtg.log 2>&1; fi)
Jul 15 12:45:01 exodus /USR/SBIN/CRON[11878]: (root) CMD (/usr/bin/mrtg /etc/mrtg.conf >/dev/null 2>&1 )
Jul 15 12:45:01 exodus kernel: grsec: signal 11 sent to /usr/bin/mrtg[mrtg:21264] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:11878] uid/euid:0/0 gid/egid:0/0
Jul 15 12:45:01 exodus kernel: grsec: signal 11 sent to /usr/bin/mrtg[mrtg:31263] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:13409] uid/euid:0/0 gid/egid:0/0
Jul 15 12:46:56 exodus kernel: grsec: From 192.168.1.5: signal 11 sent to /usr/sbin/dpkg-preconfigure[dpkg-preconfigu:18818] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:14918] uid/euid:0/0 gid/egid:0/0
Jul 15 12:46:57 exodus kernel: grsec: From 192.168.1.5: signal 11 sent to /usr/sbin/dpkg-divert[dpkg-divert:29794] uid/euid:0/0 gid/egid:0/0, parent /var/lib/dpkg/tmp.ci/preinst[preinst:21015] uid/euid:0/0 gid/egid:0/0
Jul 15 12:47:43 exodus kernel: grsec: From 192.168.1.5: signal 11 sent to /usr/sbin/dpkg-preconfigure[dpkg-preconfigu:13142] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:14529] uid/euid:0/0 gid/egid:0/0
Jul 15 12:47:44 exodus kernel: grsec: From 192.168.1.5: signal 11 sent to /usr/sbin/dpkg-divert[dpkg-divert:4315] uid/euid:0/0 gid/egid:0/0, parent /var/lib/dpkg/tmp.ci/preinst[preinst:20065] uid/euid:0/0 gid/egid:0/0


Anyone an idea, what happens wrong?
fek
 
Posts: 2
Joined: Thu Jul 15, 2004 6:36 am
Top

Postby Form » Sat Jul 31, 2004 2:58 pm

A status update would be nice. Any idea when the 2.6.7 patch and gradm2 will be released? :(
Form
 
Posts: 1
Joined: Sat Jul 31, 2004 2:56 pm
Top

Postby hightower » Sun Aug 01, 2004 1:33 am

Form wrote:A status update would be nice. Any idea when the 2.6.7 patch and gradm2 will be released? :(

It will be released when 2.6.8 final is out *scnr* ;-((

ciao, Marc
hightower
 
Posts: 49
Joined: Wed Mar 06, 2002 11:36 am
Top

Postby PaX Team » Sun Aug 01, 2004 8:31 am

hightower wrote:
Form wrote:A status update would be nice. Any idea when the 2.6.7 patch and gradm2 will be released? :(

It will be released when 2.6.8 final is out *scnr* ;-((
no, the 2.6.7 release is tied to that of 2.4.27 (which may or may not happen before 2.6.8). 2.6.8 won't come anytime soon due to my less than willing to rush with the PaX part.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
Top

Patchset for 2.6.7

Postby netoholic » Mon Aug 09, 2004 4:11 am

Hello people,
since 2.6.7 has numerous security issues, anyone have a decent patchset which fixes
- netfilter
- FPU-bug
- ppos races
(something left out ???)
and fresh released grsecurity could be applied ?
Because people who depend on 2.6.7 have to stick a longer time with it until PAX issues with 2.6.8 are solved, it would be beneficial to many people...
I need 2.6.7 for a few boxes with SATA + ICH5/ICH6...
netoholic
 
Posts: 1
Joined: Mon Aug 09, 2004 4:01 am
Top
Previous
Topic locked

Return to grsecurity development

Powered by phpBB® Forum Software © phpBB Group
cron