[grsec] any info on the new versions of patches?
Carlos Carvalho
carlos at fisica.ufpr.br
Fri Jan 14 08:33:51 EST 2005
Brad Spengler (spender at grsecurity.net) wrote on 12 January 2005 21:12:
>On Wed, Jan 12, 2005 at 07:35:30PM -0200, Carlos Carvalho wrote:
>> I've seen that there are new versions of the grsec patch and secfixes
>> at ~spender. Should they be used? Do they include fixes for the new
>> SMP page fault handler?
>
>Please do test them out. There is a 2.1.1 patch for 2.4.29-rc2 there
>and a patch for 2.6.10. 2.4.29-rc2 has the SMP page fault handler bug
>fixed, and I'm working on updating the 2.6.10 secfix patch right now.
I'm running it on our main critical server and everything seems fine.
I just have a fuzzy feeling of it being slower however this is only a
subjective impression. The load on the machine now is different from
what it was before the upgrade and the difference is small and hard to
measure. I mention this just because it's a test release. Are the
changes between grsec 2.1 and 2.1.1 that could make it slower? If you
don't see such a possibility forget this.
On the other hand, we have a firewall that is now running vanilla
2.4.29-rc2 and users are complaining that net access is much slower
than when the fw ran 2.4.25 with the same kernel config. ??!!
More information about the grsecurity
mailing list