[grsec] Problem with 2.4.33.3 and grsec 2.1.9
Torbjörn Svensson
azoff at se.linux.org
Tue Sep 12 02:14:09 EDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello!
pageexec at freemail.hu wrote:
> have you got any of UDEREF or SANITIZE enabled? if so, you could
> try without them as they're the most likely to raise anything like
> that (as far as recent PaX changes are concerned).
Yes I got both..
Here is everything related to PAX:
# grep PAX /boot/config-2.4.33.3-grsec_2006-09-06
# CONFIG_GRKERNSEC_PAX_SOFTMODE is not set
# CONFIG_GRKERNSEC_PAX_EI_PAX is not set
CONFIG_GRKERNSEC_PAX_PT_PAX_FLAGS=y
CONFIG_GRKERNSEC_PAX_NO_ACL_FLAGS=y
# CONFIG_GRKERNSEC_PAX_HAVE_ACL_FLAGS is not set
# CONFIG_GRKERNSEC_PAX_HOOK_ACL_FLAGS is not set
CONFIG_GRKERNSEC_PAX_NOEXEC=y
# CONFIG_GRKERNSEC_PAX_PAGEEXEC is not set
CONFIG_GRKERNSEC_PAX_SEGMEXEC=y
# CONFIG_GRKERNSEC_PAX_EMUTRAMP is not set
CONFIG_GRKERNSEC_PAX_MPROTECT=y
# CONFIG_GRKERNSEC_PAX_NOELFRELOCS is not set
CONFIG_GRKERNSEC_PAX_ASLR=y
CONFIG_GRKERNSEC_PAX_RANDKSTACK=y
CONFIG_GRKERNSEC_PAX_RANDUSTACK=y
CONFIG_GRKERNSEC_PAX_RANDMMAP=y
CONFIG_GRKERNSEC_PAX_MEMORY_SANITIZE=y
CONFIG_GRKERNSEC_PAX_MEMORY_UDEREF=y
Shall I test a kernel with both these options disabled or just one of them?
>> So, my real questions is, are there any known problems with latest 2.4
>> with grsec? Are there going to be any grsec-patches that will work with
>> any of the pre/rc packages of 2.4.34?
>
> -pre unlikely, -rc maybe, final definitely.
Oki.
- --
.''`. Torbjörn Svensson, azoff (at) se (dot) linux (dot) org
: :' : 7EB9 2DC5 61AE DAB5 7099 BAC6 798E E39A DBDB 0CFD
`. `' http://www.azoff.se | http://dev.azoff.se
`-- http://se.linux.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFBlAweY7jmtvbDP0RAtuFAJ4oswgtgoVCOXs6JlEriklTAZWGNgCeMu0p
iap0qurCxMaz04XqeOndIOk=
=niE8
-----END PGP SIGNATURE-----
More information about the grsecurity
mailing list