[grsec] grsecurity 2.1.2 released for 2.4.29/2.6.11 *CRITICAL UPDATE*

Steven Springl steven at springl.ukfsn.org
Sat Mar 5 15:01:30 EST 2005


On Saturday 05 March 2005 00:55, Brad Spengler wrote:
> grsecurity 2.1.2 has been released today for the 2.4.29 and 2.6.11
> kernels. This is a critical release, and all users of grsecurity are
> strongly urged to upgrade as soon as possible. Changes in this release
> include the removal of RANDEXEC from the configuration, a fix for the
> unsafe terminal false positive, the ability to use hostnames instead of
> IPs in the RBAC policy file, the removal of the randomized TCP ISN, RPC
> XID, and IP ID code, since they added no greater security than what
> Linux currently provides, more consistent log messages, and PaX updates.
> Of particular importance is a fix for an exploitable vulnerability in
> PaX that exists if the SEGMEXEC or RANDEXEC features are enabled. The
> vulnerability was found yesterday by the PaX team during an audit of
> their code. Though remote exploitation of the vulnerability is very
> unlikely, it can be abused locally to compromise the system.
>
> -Brad

Brad

During testing of kernel 2.6.11 with grsecurity 2.1.2 and config
option Security Level set to high, I have noticed that TCP source ports are
no longer random.  I have checked the kernel config and both
CONFIG_GRKENSEC_RANDNET & CONFIG_GRKENSEC_RANDSRC are set to y.

If you need any further information please let me know.

Regards
                Steven.

