grsecurity forums

[Raf256]

There was few changes that look like important and related to security, between 2.6.16.15 and .18... Perhaps we could suspect new snapshot shortyl?

Btw, grsecurity snapshot 2.6.16.15 seem to apply clean and work with .16 as well.

Thanks for good work

[tosh]

Grsecurity snapshot 2.6.16.15 also applays cleanly to 2.6.16.17.

Haven't tested with 2.6.16.18 yet, but as this is only security fix release that should be patchable also. Just try yourself.

[Raf256]

There was only one not-clean part of patch:

patching file kernel/ptrace.c
Hunk #3 succeeded at 517 (offset 21 lines).

it is patched by: 21502:diff -urNp linux-2.6.16.15/kernel/ptrace.c linux-2.6.16.15/kernel/ptrace.c

Code: Select all

@@ -495,6 +496,11 @@ asmlinkage long sys_ptrace(long request,
  if (ret < 0)
    goto out_put_task_struct;

+ if (gr_handle_ptrace(child, request)) {
+   ret = -EPERM;
+   goto out_put_task_struct;
+ }
+
  ret = arch_ptrace(child, request, addr, data);
  if (ret < 0)
    goto out_put_task_struct;


and in my humble opinion it looks ok, and the new kernel boots o.k.
and seem to work fine so far

[Zhenech]

does ist run stable?

the 2.6.16.15 patch is from the 09 May, over 2wks old. could it be called 'final'? or what says spender/pax-team?

[tosh]

As that patch is still under ~spender and not on the main grsecurity page it is still testing. I haven't had any issues with it (note i don't run gradm at this monent).

[Raf256]

Btw,
2.6.16.19 is out, and it seem to work fine, the patch .18 -> .19 is trivial: 2 * 1 line

[quetzal]

hello,

where can i find the patch for kernel 2.6.16.19? at ~spender i have found only the patch for 2.6.16.16.

[quetzal]

*push*

[Kp]

Be patient! You waited less than two days to bump a thread, and the thread was still the most recent in the forum. On forums where bumping is accepted at all, it's generally polite not to bump a thread which you can reasonably expect to be seen by someone reading recent activity. Bumping a thread that's fallen off the front page is sometimes OK, but it's very rare to see bumps on threads which are still topmost!

That said, if you'd read the posts above, you'd have seen that the other members say that you can use the 2.6.16.15 patch for .17, .18, and .19. If you have evidence to the contrary, please state so and specify why you think the 2.6.16.15 patch is not appropriate for the kernel version you're trying to patch.

[Raf256]

There is .19 in ~spender but well .20 is out.. I hope .19 will apply nicelly over it.

[Carceru]

Any idea what known issues there are with the current snapshot, preventing it from being released as final? Are there some known bugs that needs to be fixed, or simply a lack of sufficient testing?

[PaX Team]

Any idea what known issues there are with the current snapshot, preventing it from being released as final? Are there some known bugs that needs to be fixed, or simply a lack of sufficient testing?

we need feedback on a locking fix spender mentioned already, other than that it seems that we might as well wait for 2.6.17 and release for that instead (i don't work on .16 myself anymore).