[grsec] grsecurity 2.1.6 released for 2.4.31/2.6.11.12
Brad Spengler
spender at grsecurity.net
Tue Jun 14 16:28:14 EDT 2005
grsecurity 2.1.6 has been released for the 2.4.31 and 2.6.11.12 version
of the Linux kernel. Changes in this version include:
* PaX updates
* Inverted socket policies (see the sample policy with gradm for syntax)
* gradm now can work on both 2.4 and 2.6 kernels without requiring a
recompile for the currently running kernel
* ATI Radeon (and more) video cards will work properly with the
/dev/(k)mem restriction feature
* PAM authentication support has been added to the RBAC system for special
roles, which allows you to use a variety of different authentication
methods in place of the regular kernel-based password authentication.
* A new subject flag was added to be placed on binaries that are allowed
to communicate with the /dev/grsec device. The "a" mode should be added
to special roles like the admin role. The sample policy has been
updated to reflect this change
* The learn_config file has been updated with new rules to facilitate
better reduced policies
* The always-reduce-path directive in learn_config is now interpreted by
the learning daemon itself, allowing paths to be rewritten before they
ever reach the disk
* Various other bugs have been fixed, including improper role reduction
in some cases in policy generation
-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20050614/86b9a895/attachment.pgp
More information about the grsecurity
mailing list