[grsec] Grsec + slabinfo
Anthony G. Basile
basile at opensource.dyc.edu
Sat May 29 07:17:32 EDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi guys,
Robin and I at hardened gentoo are working on moving forward with
2.6.32.13 + grsec/pax. Our latest patchset and ebuild are in the tree
marked testing required (~arch).
Robin has hit an OOM problem which we think may be related to grsec.
He's trying to narrow it down looking at slabinfo (among other things
like kmemleak) and we noticed that /proc/slabinfo is removed.
He's got a patch to restore it read only by root. Its at
http://dev.gentoo.org/~robbat2/linux-2.6.32-hardened-r7-slabinfo-available-but-locked.patch
Is this something that can get accepted into grsec? I'm not sure there
are any serious security problems giving out this info to root. This
would be like CONFIG_GRKERNSEC_PROC but for slabinfo rather than processes.
As for the OOM bug, we'll post when we have more details. I haven't
been able to hit the bug myself, so I'm waiting on Robin.
- --
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkwA98wACgkQl5yvQNBFVTU8nwCfc5y1HgOCoAgzc62azLM+JLuk
nVsAoKGky0c9ggGrOisnMosiOHiA7crW
=7Lru
-----END PGP SIGNATURE-----
More information about the grsecurity
mailing list