Linux 2.6.13 is out

Discuss and suggest new grsecurity features

Postby bani » Sun Aug 28, 2005 10:58 pm

bani
 
Posts: 15
Joined: Sun Aug 28, 2005 10:56 pm

Postby Hannibal » Mon Aug 29, 2005 9:36 am

grsecurity-2.1.7-2.6.13-rc6-200508232047.patch

You can try this for the time being...
Hannibal
 
Posts: 6
Joined: Sun May 02, 2004 11:41 am

Postby Hal9000 » Mon Aug 29, 2005 1:12 pm

niiiiice
Hal9000
 
Posts: 78
Joined: Wed Jun 16, 2004 2:40 am

Postby Blueroot » Mon Aug 29, 2005 7:47 pm

Oh yes, we love you mr "spender" :P
I hope grsec finds a way into the kernel tree and will be updated for a long time, because I can't live without it 8)
Blueroot
 
Posts: 3
Joined: Sat Aug 27, 2005 6:50 pm

Postby tuxq » Mon Aug 29, 2005 11:09 pm

Blueroot wrote: Oh yes, we love you mr "spender" :P
I hope grsec finds a way into the kernel tree and will be updated for a long time, because I can't live without it 8)


I'll second that. Though the Linux kernel is free, I'd probably pay for GRSec patch if need be.
tuxq
 
Posts: 34
Joined: Sun Mar 06, 2005 5:59 am

Postby Platyna » Tue Aug 30, 2005 12:13 pm

Any ETA for a stable release? Because I don't know if I should use that RC or wait, I am in a little hurry to upgrade, because 2.6.11 has issues with my SCSI controller. :evil:

Regards.
Platyna
 
Posts: 17
Joined: Fri Jul 29, 2005 5:04 pm

Postby Sylvain » Thu Sep 01, 2005 9:45 am

I also have outstanding issues related to IPSec with 2.6.11

I'm looking forward to seeing grsec patches for more recent kernel releases.

Although IMHO the 2.6.13 (odd) should not be considered that stable...

Thanks to the grsec team for their great job!
Sylvain
 
Posts: 1
Joined: Thu Sep 01, 2005 9:42 am

Postby GCS » Sat Sep 03, 2005 3:36 am


It fails on x86 with 2.6.13/gcc 4.0.1:
CC fs/binfmt_elf.o
fs/binfmt_elf.c: In function 'pax_parse_elf_flags':
fs/binfmt_elf.c:680: error: 'struct mm_struct' has no member named 'pax_flags'
make[1]: *** [fs/binfmt_elf.o] Error 1
make: *** [fs] Error 2
GCS
 
Posts: 7
Joined: Mon Mar 18, 2002 11:23 am

Postby spender » Tue Sep 06, 2005 8:12 pm

Don't enable the PaX control options unless you enable other PaX options (like randomization or PAGEEXEC/SEGMEXEC). That should fix the problem.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby Fab » Wed Sep 07, 2005 5:12 am

Hey spender.

When will the "final" be available?
Fab
 
Posts: 8
Joined: Sat Jun 18, 2005 4:32 am

Postby tuxq » Wed Sep 07, 2005 8:37 am

2.1.7 Tests for 2.6.13 and 2.4.31 have been released :)

http://www.grsecurity.net/~spender/grse ... 2221.patch

http://www.grsecurity.net/~spender/grse ... 2019.patch

Update: 2.6.13 patched flawlessly, compiled and running. No problems as of yet!...not that I really expect any.
Last edited by tuxq on Wed Sep 07, 2005 12:33 pm, edited 1 time in total.
tuxq
 
Posts: 34
Joined: Sun Mar 06, 2005 5:59 am

Postby onyx » Wed Sep 07, 2005 10:08 am

Hi!

I get the following error:

Code:
 AR      arch/i386/lib/lib.a
  GEN     .version
  CHK     include/linux/compile.h
  UPD     include/linux/compile.h
  CC      init/version.o
  LD      init/built-in.o
  LD      vmlinux
arch/i386/mm/built-in.o(.text+0xeb4): In function `do_page_fault':
: undefined reference to `pax_handle_fetch_fault'
make: *** [vmlinux] Error 1


I have the following in my .config regarding pax and grsecurity:

Code:
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MEDIUM is not set
# CONFIG_GRKERNSEC_HIGH is not set
CONFIG_GRKERNSEC_CUSTOM=y
# CONFIG_GRKERNSEC_KMEM is not set
CONFIG_GRKERNSEC_IO=y
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_HIDESYM=y
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USER=y
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
CONFIG_GRKERNSEC_RESLOG=y
CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
# CONFIG_GRKERNSEC_AUDIT_IPC is not set
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
CONFIG_GRKERNSEC_EXECVE=y
# CONFIG_GRKERNSEC_SHM is not set
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_RANDPID=y
# CONFIG_GRKERNSEC_TPE is not set
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_RANDSRC=y
CONFIG_GRKERNSEC_SOCKET=y
CONFIG_GRKERNSEC_SOCKET_ALL=y
CONFIG_GRKERNSEC_SOCKET_ALL_GID=418
CONFIG_GRKERNSEC_SOCKET_CLIENT=y
CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=417
CONFIG_GRKERNSEC_SOCKET_SERVER=y
CONFIG_GRKERNSEC_SOCKET_SERVER_GID=416
# CONFIG_GRKERNSEC_SYSCTL is not set
CONFIG_GRKERNSEC_FLOODTIME=8
CONFIG_GRKERNSEC_FLOODBURST=12
# PaX
CONFIG_PAX=y
# PaX Control
# CONFIG_PAX_SOFTMODE is not set
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
CONFIG_PAX_NO_ACL_FLAGS=y
# CONFIG_PAX_HAVE_ACL_FLAGS is not set
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
CONFIG_PAX_NOEXEC=y
# CONFIG_PAX_PAGEEXEC is not set
CONFIG_PAX_SEGMEXEC=y
# CONFIG_PAX_EMUTRAMP is not set
CONFIG_PAX_MPROTECT=y
# CONFIG_PAX_NOELFRELOCS is not set
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDKSTACK=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
CONFIG_PAX_NOVSYSCALL=y


Thanks for the help in advance, and sorry for the long post.
onyx
 
Posts: 36
Joined: Tue Jan 20, 2004 7:46 pm

Postby PaX Team » Wed Sep 07, 2005 4:28 pm

onyx wrote: I get the following error:

Code:
 AR      arch/i386/lib/lib.a
  GEN     .version
  CHK     include/linux/compile.h
  UPD     include/linux/compile.h
  CC      init/version.o
  LD      init/built-in.o
  LD      vmlinux
arch/i386/mm/built-in.o(.text+0xeb4): In function `do_page_fault':
: undefined reference to `pax_handle_fetch_fault'
make: *** [vmlinux] Error 1

thanks, i fixed it in PaX (hopefully ;-), you can either apply the interdiff or wait for spender to update grsec.

Code:
--- linux-2.6.13-pax/arch/i386/mm/fault.c       2005-08-30 23:30:12.000000000 +0100
+++ linux-2.6.13-pax/arch/i386/mm/fault.c       2005-09-07 18:54:41.000000000 +0100
@@ -204,7 +204,7 @@

 fastcall void do_invalid_op(struct pt_regs *, unsigned long);

-#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_EMUTRAMP)
+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
 static int pax_handle_fetch_fault(struct pt_regs *regs);
 #endif

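Review bot: the new guard on the prototype at line 204 drops CONFIG_PAX_EMUTRAMP rather than adding CONFIG_PAX_SEGMEXEC next to it, so a configuration with only EMUTRAMP set loses the declaration of pax_handle_fetch_fault() that the old condition gave it. Either keep all three terms in the #if, or note in the changelog that EMUTRAMP cannot be selected without PAGEEXEC or SEGMEXEC, so the reader does not have to check Kconfig to see that the removal is safe.
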
@@ -717,7 +717,7 @@
        }
 }

-#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_EMUTRAMP)
+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
 /*
  * PaX: decide what to do with offenders (regs->eip = fault address)
  *
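
Review bot: the #if on the definition at line 717 is a second hand-maintained copy of the condition on the prototype, and the call in do_page_fault(), where the reported undefined reference came from, is not touched by this diff. Worth confirming that the #if around that call uses exactly the same expression as these two sites, or folding the condition into a single macro so the three places cannot drift apart again.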
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Postby forsaken » Wed Sep 07, 2005 4:40 pm

Hello,

I'm getting this when I try to compile 2.6.13 with grsecurity-2.1.7-2.6.13-200509062221.patch:

arch/i386/kernel/vmlinux.lds:951: undefined symbol `PMD_SHIFT' referenced in expression
forsaken
 
Posts: 74
Joined: Tue May 18, 2004 3:04 am

Postby PaX Team » Wed Sep 07, 2005 9:32 pm

forsaken wrote: arch/i386/kernel/vmlinux.lds:951: undefined symbol `PMD_SHIFT' referenced in expression

let me guess, you have KERNEXEC enabled but PAE disabled, right? i'll fix it up tomorrow.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
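
The three option combinations reported as build breakers in this thread, turned into a .config check (an added example, not code from grsecurity or PaX). It assumes "PaX control options" means CONFIG_PAX_EI_PAX / CONFIG_PAX_PT_PAX_FLAGS and "randomization" means CONFIG_PAX_ASLR, as in onyx's .config, and that the KERNEXEC and PAE symbols are CONFIG_PAX_KERNEXEC and CONFIG_X86_PAE; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: lint a kernel .config (read from stdin) for the three option
# combinations reported as build breakers in this thread.

# is_set SYMBOL -> true if SYMBOL=y appears in the config held in $cfg
is_set() { printf '%s\n' "$cfg" | grep -q "^$1=y\$"; }

# check_pax_config -> prints one tagged finding per line, nothing if clean
check_pax_config() {
    cfg=$(cat)

    # 1. Control options without any PaX feature: 'pax_flags' member missing.
    #    Assumed mapping: control options = EI_PAX / PT_PAX_FLAGS,
    #    randomization = ASLR (names taken from the .config posted above).
    if { is_set CONFIG_PAX_EI_PAX || is_set CONFIG_PAX_PT_PAX_FLAGS; } &&
       ! is_set CONFIG_PAX_PAGEEXEC && ! is_set CONFIG_PAX_SEGMEXEC &&
       ! is_set CONFIG_PAX_ASLR; then
        echo "CONTROL_ONLY: enable PAGEEXEC/SEGMEXEC or randomization too"
    fi

    # 2. SEGMEXEC alone: undefined reference to pax_handle_fetch_fault
    #    until the interdiff above is applied.
    if is_set CONFIG_PAX_SEGMEXEC && ! is_set CONFIG_PAX_PAGEEXEC &&
       ! is_set CONFIG_PAX_EMUTRAMP; then
        echo "FETCH_FAULT: SEGMEXEC without PAGEEXEC/EMUTRAMP needs the fault.c fix"
    fi

    # 3. KERNEXEC without PAE: undefined symbol PMD_SHIFT in vmlinux.lds.
    #    Assumed symbol names: CONFIG_PAX_KERNEXEC, CONFIG_X86_PAE.
    if is_set CONFIG_PAX_KERNEXEC && ! is_set CONFIG_X86_PAE; then
        echo "KERNEXEC_NO_PAE: KERNEXEC with PAE disabled fails at link time"
    fi
}

# Constructed sample: the PaX feature lines from the .config posted above.
sample_config() {
    cat <<'EOF'
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
# CONFIG_PAX_PAGEEXEC is not set
CONFIG_PAX_SEGMEXEC=y
# CONFIG_PAX_EMUTRAMP is not set
CONFIG_PAX_ASLR=y
EOF
}

# Usage: sh paxlint.sh /path/to/.config   (no argument: run the sample)
if [ -f "${1:-}" ]; then check_pax_config < "$1"; else sample_config | check_pax_config; fi
```

Run against the sample it reports only the FETCH_FAULT case, which matches the link error onyx posted.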
