[grsec] grsecurity 2.1.6 released for 2.4.31/2.6.11.12

Brad Spengler spender at grsecurity.net
Tue Jun 14 16:28:14 EDT 2005


grsecurity 2.1.6 has been released for the 2.4.31 and 2.6.11.12 version 
of the Linux kernel. Changes in this version include:

* PaX updates
* Inverted socket policies (see the sample policy with gradm for syntax)
* gradm now can work on both 2.4 and 2.6 kernels without requiring a 
  recompile for the currently running kernel
* ATI Radeon (and more) video cards will work properly with the 
  /dev/(k)mem restriction feature
* PAM authentication support has been added to the RBAC system for special 
  roles, which allows you to use a variety of different authentication 
  methods in place of the regular kernel-based password authentication.
* A new subject flag was added to be placed on binaries that are allowed 
  to communicate with the /dev/grsec device. The "a" mode should be added 
  to special roles like the admin role. The sample policy has been 
  updated to reflect this change
* The learn_config file has been updated with new rules to facilitate 
  better reduced policies
* The always-reduce-path directive in learn_config is now interpreted by 
  the learning daemon itself, allowing paths to be rewritten before they 
  ever reach the disk
* Various other bugs have been fixed, including improper role reduction 
  in some cases in policy generation 

-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20050614/86b9a895/attachment.pgp


More information about the grsecurity mailing list