[grsec] gradm2 2.0.1 and grsec 2.0.1 bug with enabling RBAC

Laszlo 'GCS' Boszormenyi gcs at lsc.hu
Sat Oct 30 04:14:28 EDT 2004


Hi all,

* Marek Habersack <grendel at caudium.net> [2004-10-30 01:25:44 +0200]:

> I have used the debian package for gradm2 and the patch downloaded from the
> grsecurity site to build my own kernel. I have assumed the utility was built
> for debian with the proper grsecurity patch version, apparently this is not
> the case. I have recompiled gradm by hand on the machine I ran the tests on
> - it works perfectly now. I will file a bug against the utility in debian,
> thanks a lot and sorry for the confusion - I should have checked all the
> possibilities.
 As the maintainer of grsecurity related packages in debian, I find this
situation a bit confusing. I run grsecurity2 and gradm2 here, and with
the 2.6 series kernel, it is working. But yes, I could reproduce the bug
Marek reported if I switch back to 2.4.27 on the same machine where it
works with 2.6. My assumption was that the same gradm2 binary would work
with both kernel series, which is obviously wrong as it isn't. Brad, is
it possible to make a single gradm2 which works for both kernels? If
not, and I have to ship two gradm2 binaries, then how should I name
them?
 Also, why the gradm2 needs to be compiled under a grsecurity enabled
kernel? I think the necessary bits should be in gradm2, and with an
autodetect or configure switch should be enabled the 2.4/2.6 support
(given with the mess of 2.6, it would default to 2.4).

Regards,
Laszlo/GCS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20041030/22af4c2d/attachment.pgp


More information about the grsecurity mailing list